Switch console flaw leaves Nintendo looking flat-footed

Interesting!

tl;dr without actually reading the article the “flaw” is the same WebKit bug that was used in the Pegasus exploit, which is the same bug that qwerty/pangu used for an iOS 9.3.x jailbreak.me. Here’s an exploit toolkit: http://pegaswitch.com/

 

Barely two weeks after going on sale, someone has hacked the Nintendo Switch console using an old Apple iOS flaw in a browser that’s not officially supposed to be on the machine.

Welcome to the odd universe of console hacking, by which we mean either jailbreaking or, failing that, making the machine do something interesting nobody knew was possible. For each new console these days, the story always starts as a race to be the first to find a way in.

The latest honour has been claimed by a young Italian iPhone jailbreaker called Luca Todesco (@qwertyopriup) who posted an image on Twitter with the word “done” on the Switch’s screen below a laptop displaying the code used to make that happen.

He had, he said, used a modified version of his own JailbreakMe tool to exploit an old Apple iOS 9.3 flaw in the WebKit HTML rendering engine used by a hidden, integrated browser. A second individual, LiveOverflow, quickly published a proof of concept confirming the discovery, while a third research group, ReSwitched, offered their own tool.

This was unexpected. Statements by Nintendo in February suggested the Switch wouldn’t ship with a browser, something commentators immediately doubted. Without some kind of browser, how would users connect their expensive portable console to the internet through the captive portals used by hotspots?

In fact, there was a hidden browser interface that could be invoked under special conditions such as accessing a Facebook profile or – yes! – using a WiFi hotspot. So the Switch had a browser of sorts after all, just not a very useful one.

We now know this happens to be vulnerable to a security flaw that Apple fixed in an update months ago. But does the issue have any significance beyond telling us that the first Switches entered the supply chain some time ago?

The flaw in the WebKit browser isn’t on par with a full kernel jailbreak of the sort that would allow piracy or custom firmware, so perhaps not. Nintendo can also patch the issue with an update although when that might turn up is anyone’s guess.

Nevertheless, Nintendo clearly isn’t paying enough attention to problems it should have anticipated months ago. It’s not as if software flaws in browsers are surprising.

Perhaps the risk from consoles is morphing from old-style jailbreaking to “userland” attacks. In an interview with Forbes, Todesco speculated about the future potential to use Switch consoles for surveillance: “If there is a microphone you could use the switch to record and send that remotely.”

 

Switch console flaw leaves Nintendo looking flat-footed