Nintendo Switch Hacked By Exploiting WebKit Vulnerability

Nintendo Switch

It is not even two weeks since the launch of Nintendo Switch, and we are already hearing reports that the device was hacked. A recent report claims that famed iOS jailbreaker qwertyoruiop has revealed he found a way inside the Switch, and hackers have to thank Apple for that.

Although Switch has no actual web browser, the console still uses Apple’s WebKit engine to perform captive portal logins. The WebKit engine is the same open source engine powering Safari on Mac and iOS. However, the Switch uses an old version of WebKit, which was the same version that came with iOS 9.3. This particular version has a known vulnerability that allowed the Pegasus malware to run rampant on iPhones. Apple patched that exploit in iOS 9.3.5. However, for some unknown reason, Nintendo decided to go with the unpatched version.

This implies Nintendo might have rushed the release of the Switch, if they released it with known WebKit vulnerabilities on the browser. Perhaps they just crossed their fingers no one would notice.

Jailbreaker, qwertyoruiop, has had experience it the iOS 9.3 WebKit browser before. If you are interested, you can find the original qwertyoruiop’s Jailbreak code here. According to him, it was not too much work to modify his older exploit, strip it of iOS specific code, and make it work for the Switch. He does not provide any proof of concept or a release, but LiveOverflow made a rather detailed video showing and explaining how the exploit works.

 

For now, this hack does not mean much for the end user as nothing is released to the public and this is only a user-land exploit. The hack does not reveal much information yet or hand over control to hackers, but it is always a start. Also, most hackers are typically interested in Kernel access and finding potential privilege escalation vulnerabilities.

Nintendo wants to keep their high-profile device super closed. In fact, Nintendo Switch users cannot transfer save files to other devices, as the company do not allow users to access the device’s in built memory. Unfortunately, this also attracts hackers, who are looking for a challenge.

Since the knowledge of the WebKit vulnerability is now public, we can expect Nintendo to soon release an update patching WebKit.

Source

Haridas Gowra Avatar

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the article or provide a link back to this page.

Subscribe to Newsletter




Privacy Settings

Privacy & Cookie Overview

Our website uses cookies to provide you with the best user experience possible. These cookies are stored in your browser and perform essential functions such as recognizing you when you return to our website, as well as helping us to understand which sections of the website you find most useful and engaging.

To learn more, you can read our Privacy & Cookie Policy or reach out through our Contact form.

Strictly Necessary Cookies

Strictly Necessary Cookies must always be enabled to ensure the proper functioning of this website and to allow us to provide you with excellent service. These cookies are also essential for saving your cookie preferences.

Google Adsense

We use Google AdSense to keep this site free by displaying relevant ads. AdSense requires essential cookies that cannot be disabled, but you can manage other cookies. We respect your privacy and provide options to control non-essential cookies.

For more details on how Google handles your data, visit Google's Data Usage Policy. Please review our Privacy Policy for more information on how we protect your data.

AddToAny

We use AddToAny for social sharing. It doesn’t store cookies, ensuring a privacy-friendly experience. AddToAny complies with GDPR and CCPA by default.

For more, see their Privacy Policy.

OneSignal

We use OneSignal to send notifications to users who opt in. OneSignal complies with GDPR and is certified under the EU-US and Swiss-US Privacy Shield frameworks.

For more, see their Privacy Policy.

3rd Party Cookies

This website utilizes third-party cookies, which can enhance your experience and support our ongoing efforts to improve our services.

Google Analytics

We use Google Analytics to collect anonymous data, such as visitor numbers and popular pages, to improve user experience and site performance. Keeping this cookie enabled helps us refine the site based on visitor activity.

For more information, see Google’s Privacy Policy.

Discover more from Prime Inspiration

Subscribe now to keep reading and get access to the full archive.

Continue reading