Nintendo Switch Hacked Via Built-In WebKit Exploit

Nintendo’s Switch has shipped with months-old bugs in its WebKit browser engine that open it up to hacking through the use of arbitrary code execution.

Twitter user and security-cum-hacker specialist ‘qwertyoruiop’ posed a screen shot on the social media network demonstrating the proof-of-concept hack in action.

The Nintendo Switch has only be out for a mere two weeks, yet seems to have attracted the attention of people with the tenacity and digital skills to explore how the hybrid games console can be pushed beyond its normal capabilities.

Switching things up

Such a code injection hacks have been known to cause havoc in the past with the ability to hijack devices such as smartphones and enable malicious actors to steal data from mobile devices.

Given the Nintendo Switch, at the moment, does not present a platform that encourages users to part with a swathe of personal information, contact details, emails and messages, performing a code injection attack on the console is not likely to yield much in the way of valuable data.

And the WebKit browser engine on the console simply acts as a means for interacting with public Wi-Fi hotspots as opposed to providing a web browser for users to navigate the internet with on the device, without putting in a significant amount of effort.

But by setting up a proxy server between the Switch and a public Wi-Fi connection, the hackers can intercept data running from the switch to the network. Normally, WebKit is used to direct Switch users to a captive portal, a web interface used to authenticate and log-on to public Wi-Fi, but once the Switch is connected to a proxy server, hackers can create their own captive portal to establish a connection to the Switch and begin to exploit the WebKit vulnerability.

The flaw in question is the CVE-2016-4657 bug, which was commonly used to carryout arbitrary code injection on iOS devices before it was patched out. As such, hackers can exploit this flaw in the Switch and potentially pave the way for jailbroken consoles and possibly allow for so-called ‘homebrew software to be run on the Switch. However, the bug does not lead to kernel access so the depth of the exploit and the ability to tweak a swathe of the Switch’s setting is not yet possible.

Furthermore, to really get into the Switch and work WebKit to their advantage, hackers need to have an in-depth knowledge of the CV-2016-4657 bug, as putting it to use Is a complex process. As such, large numbers of Switch hacks are not likely to been seen using the technique found by qwertyoruiop.

Given the Nintendo Switch will have had its production finalised likely before the bug was fully reported and fixed, it is not too surprising that the WebKit exploit is present, though Nintendo will likely move to patch it before hackers find any nefarious ways to really crack into its flagship games console.

Quiz: Are you a security guru?