The Switch is Nintendo's fastest selling console ever, with an estimated 1.5 million units shipped worldwide according to GamesIndustry.biz. The numbers are based on a report from SuperData Research, which compiled stats from both GfK and Famitsu. The respectable size of the install base therefore makes the reveal of this vulnerability all the more interesting.
On March 11, qwertyoruiop (who contributed to the 1.76 PS4 jailbreak, along with jailbreaks for multiple iOS versions) posted a picture showing a WebKit exploit running on Nintendo's newest console.
The reason why this is even possible is that the Switch ships with a version of WebKit which is vulnerable to a remote code execution proof-of-concept called jailbreakMe, which was created by qwertyoruiop and can exploit a bug in WebKits found in iOS 9.3.4 and prior. All it took qwertyoruiop to adapt the tool to the console was the mere removal of iOS-specific code. With that, the built-in browser was able to be forced to access files from a local server, opening the door to use for playing pirated games or creation of homebrew projects.
At first, the authenticity of this exploit was called into question, but a proof-of-concept has been created by developer LiveOverflow in order to sway doubters:
What’s been released is just a proof of concept: it confirms that the browser is vulnerable to the attack. To the end user, this brings pretty much nothing at this point. For hackers, however, this is an entry point to start analyzing the internals of the Nintendo Switch OS: it is now possible to start looking at the RAM and understand a bit more about the device’s firmware. Typically this kind of exploit then leads to the possibility to dump a few libraries, which is then followed by a hunt for a privilege escalation vulnerability (basically, a kernel exploit), which would give full access to the device.
An explanation and demonstration by LiveOverflow can be seen in the video below:
This particular WebKit flaw was patched by Apple in August of last year, so all that's left is for Nintendo to push out an update to its console and fix this problem.
Source: Graham Cluley | Nintendo Switch exploit image: quertyoruiop
8 Comments - Add comment