The insanely popular Nintendo Switch has a serious flaw that allows hackers to run unauthorized code on the console. The newly discovered Nintendo Switch exploit would let users mod their consoles to do things that Nintendo doesn’t let them. They can run custom software on the console, back up the saved games to their own hard drives, and extend the capabilities of the software to their liking. There is little chance hackers would be able to steal your data, though.
Noted developer Kate Temkin and others at the ReSwitched project had pointed to the Nintendo Switch exploit several months ago. Now they have proved and documented the flaw, and have shared the details with Nintendo and Nvidia. Why Nvidia? Because the “unpatchable” security vulnerability dubbed Fusée Gelée is found in Nvidia’s Tegra X1 chips. All the Nintendo Switch units currently available in the market have this flaw.
Kate Temkin shared an extensive outline of the Fusée Gelée coldboot vulnerability on GitHub. She says in FAQ, “Fusée Gelée isn’t a perfect, ‘holy grail’ exploit—though in some cases it can be pretty damned close.” She had planned to make the Nintendo Switch exploit public on June 15 or when someone releases it independently. The Nvidia Tegra X1 flaw appears to have been an open secret for a long time. It is only being confirmed now.
To run unauthorized code on the console, you’ll have to short out a pin on the right Joy-Con connector. It forces the console into USB recover mode, setting it up for exploitation. Shorting out the pin is the most difficult part of the exploit. Folks at FailOverflow tweeted a picture of plug-in device that can easily short out the pin. Temkin noted that even exposing and bending the pin would do the job.
Introducing our new, revolutionary technology for Nintendo Switch modification. Welcome to SwitchX PRO. Coming soon. pic.twitter.com/d3xGawrW1u
— fail0verflow (@fail0verflow) April 23, 2018
The Nintendo Switch exploit circumvents the lock-out operations that protect the Tegra X1 chip’s bootROM. A misformed packet sent during the USB recover mode allows the connected device to send up to 65,535 bytes (64 kibibytes) of data per control request. Since the data overflows the direct memory access (DMA) in the bootROM, it easily gets copied into the application stack to run arbitrary code.
Is this the right place to pitch a dramatically cost reduced version? ^_^ pic.twitter.com/I0WlOOvpBp
— Kate Temkin (@ktemkin) April 23, 2018
A major cause of worry is that neither Nintendo nor Nvidia can fix it via a downloadable patch. The bootROM can’t be modified once the Tegra X1 chips have left the factory. Nintendo has shipped more than 14.8 million Switch units worldwide so far, making them vulnerable. The Japanese company could tweak the code to ensure that the new units coming out of the factory are immune. In the past, Nintendo has fixed software-level exploits via downloadable system updates. But this one can’t be fixed.
Fortunately for the affected users, the vulnerability could be exploited only if the hacker has direct, physical access to the console. Power users who want to modify their own consoles are of course going to love the exploit. But Nintendo could still do something about it even when the exploit becomes widespread. The company could detect the “hacked” consoles when they sign on to its servers, and prohibit those systems from using the online functions.
Recent reports suggest that Nintendo might be planing to launch an upgraded Switch hardware with a new processor. Last month, the company rolled out firmware update 5.0 for the Switch, which contained evidence related to the hardware update. According to data miners at Switchbrew, code within the firmware 5.0 suggests that the upgraded Switch would be powered by Nvidia Tegra 214 processor. It would also get a higher 8GB RAM compared to 4GB on the current Nintendo Switch. The additional RAM should help it run games more smoothly.
Nintendo has rejected reports of a Switch 2.0 console. So, it’s possible that the upgraded hardware would be reserved for developers. It makes sense considering Nintendo is currently more interested in accessories and peripherals than upgrading the hardware. Nintendo Switch is only a year old, and is still selling pretty well. Nintendo might release a Switch 2.0 when console sales begin to cool off, and that is unlikely to happen anytime soon. The company has promised that it would support the Nintendo Switch for longer than the usual 5-6 years.
It took Nintendo Switch less than a year to surpass the lifetime sales of the Wii U. According to NPD Group, the Switch is in more American homes in the first year of launch than any other console ever. Nintendo said in January that it had sold 4.8 million consoles in the US and another 3.8 million in Japan. The company is preparing to launch the Nintendo Switch Online service in September. The paid Online service would cost $3.99 per month or $7.99 per quarter or $19.99 per year.