Anytime a new gaming device launches you can count on hackers to show up and begin tinkering. Nintendo has been aggressive in countering their attempts, regularly releasing firmware updates that remove any modifications to the system. Nintendo has been particularly protective when it comes to Switch, but some hackers claim it’s not enough. According to 3DS/Switch hacker
SciresM, the hybrid system is now “completely compromised.”
SciresM is part of the
ReSwitched hacking group, which seeks to “fully document the inner workings of the Nintendo Switch, as well as hacking the console to allow homebrew software.” The group claims they do not support piracy but instead only wishes to allow players to develop and run homebrew software applications. SciresM in particular says the group is aiming to “create an engaged homebrew scene and do our best to foster a good, healthy community around it.”
Speaking with GBAtemp, SciresM praised Nintendo’s security efforts on Switch, but he pointed to Tegra X1 hardware as an exploitable weakness.
“I think that software-wise, Nintendo has done a really great job. Their operating system, Horizon, is a new, updated version of the OS on the 3DS — with all of the hardening that has come from the 3DS’s years of security issues. There have been a few unfortunate mistakes on their part, but by and large HOS is extremely secure. We’ve still not seen even one traditional exploitable vulnerability in the HOS kernel, which I think speaks well of the investment Nintendo has been making into securing their platform. I think that the Switch’s biggest weakness, security-wise, is that it’s running on (and has to be designed around) the Tegra X1 hardware.”
SciresM went on to detail when he and his team gained access to various levels of Switch.
“It depends on what you mean by “firmware”. We first managed to break into the web browser’s sandbox when Schala implemented the “Pegasus” vulnerability the day after the console released, but we didn’t manage to break into the code for the OS’s system modules until Misson20000 and Schala found the winning pair of vulnerabilities in June, 2017. It’s also possible by “firmware” you mean “kernel” or “TrustZone” code, in which case the answer would be that Motezazer and I got code execution at those levels (and thus dumped their code for the first time) in November and December 2017, respectively.”
At this stage in the process, just over a year after launch, the ReSwitched team says Nintendo Switch is completely compromised.
“The Switch has been completely compromised… All current hardware can be compromised. They can mitigate vulnerabilities in newer units, though, either via a hardware revision or updating the bootrom patches written at the factory.”
Nintendo will no doubt continue to fight efforts from hackers, homebrewers, and anyone else looking to tinker with their Nintendo Switch.