Nintendo’s Switch has shipped with months-old bugs in its WebKit browser engine that open it up to hacking through the use of arbitrary code execution.
Twitter user and security-cum-hacker specialist ‘qwertyoruiop’ posed a screen shot on the social media network demonstrating the proof-of-concept hack in action.
The Nintendo Switch has only be out for a mere two weeks, yet seems to have attracted the attention of people with the tenacity and digital skills to explore how the hybrid games console can be pushed beyond its normal capabilities.
Given the Nintendo Switch, at the moment, does not present a platform that encourages users to part with a swathe of personal information, contact details, emails and messages, performing a code injection attack on the console is not likely to yield much in the way of valuable data.
And the WebKit browser engine on the console simply acts as a means for interacting with public Wi-Fi hotspots as opposed to providing a web browser for users to navigate the internet with on the device, without putting in a significant amount of effort.
But by setting up a proxy server between the Switch and a public Wi-Fi connection, the hackers can intercept data running from the switch to the network. Normally, WebKit is used to direct Switch users to a captive portal, a web interface used to authenticate and log-on to public Wi-Fi, but once the Switch is connected to a proxy server, hackers can create their own captive portal to establish a connection to the Switch and begin to exploit the WebKit vulnerability.
Furthermore, to really get into the Switch and work WebKit to their advantage, hackers need to have an in-depth knowledge of the CV-2016-4657 bug, as putting it to use Is a complex process. As such, large numbers of Switch hacks are not likely to been seen using the technique found by qwertyoruiop.
Given the Nintendo Switch will have had its production finalised likely before the bug was fully reported and fixed, it is not too surprising that the WebKit exploit is present, though Nintendo will likely move to patch it before hackers find any nefarious ways to really crack into its flagship games console.
Quiz: Are you a security guru?
Most people in the United States view TikTok as a Chinese influence tool a poll…
UK regulator confirms it is investigating whether OnlyFans is doing enough to prevent children accessing…
Dismissed staff file complaint with a US labor board, and allege Google unlawfully terminated their…
Elon Musk dismisses two senior Tesla executives, plus the entire division that runs Tesla's Supercharger…
Eight newspaper publishers in the US allege Microsoft and OpenAI used their millions of their…
US judge sentences Binance founder, Changpeng Zhao, to four months in prison for ignoring money…