Security News Nintendo Switch users could be cracked after unpatchable flaw found in Nvidia Tegra chips

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
Researcher reveals demo attack code, full release in June

Security researcher Kate Temkin has released proof-of-concept code to launch an exploit chain called Fusée Gelée, which relies on an as-yet-undisclosed vulnerability in past versions of Nvidia's Tegra system-on-a-chip.

Temkin, who participates in the Nintendo Switch hacking project ReSwitched, has developed a cold boot hack for the device that takes advantage of the supposed Tegra flaw. She's also working on customized Switch firmware called Atmosphère, which will be installable through Fusée Gelée.
In a blog post outlining her findings earlier this month, Temkin explains, "The relevant vulnerability is the result of a 'coding mistake' in the read-only boot ROM found in most Tegra devices."
The bug is expected to be revealed on June 15, 2018, unless it is made public by others first – a parallel effort to create custom firmware for the Switch using the vulnerability, or one substantially similar, is underway by a group called Team Xecuter.

The vulnerability is said to affect Tegra chips prior to T186/X2 (released in 2016), so it's not just the Nintendo Switch that's potentially vulnerable.
Temkin claims the issue affects all current Nintendo Switch firmware versions. She also suggests that the flaw she identified isn't necessarily the only vulnerability that has been found.

The nature of the flaw is such that it will require a hardware revision to fix. The boot ROM accepts minor patches in the factory but cannot be updated afterwards, according to Temkin.
Temkin says the vulnerability was responsibly disclosed to and forwarded to other vendors that use the Tegra embedded processor, including Nintendo.

LASER_oneXM

source (bleepingcomputer.com): Researcher Discloses "Unpatchable" Nintendo Switch Exploit
Fusée Gelée is unpatchable

At the technical level, Fusée Gelée is nothing more than a trivial buffer overflow vulnerability. The problem is its location in the Switch's bootROM component, found inside the Nvidia Tegra chipset, that controls the device's boot-up routine.

This component is locked down at the hardware level after leaving the Nintendo factories, meaning it can't be updated via a firmware patch. This makes Fusée Gelée unpatchable, and it's hard to believe Nintendo will recall millions of gaming consoles just to fix a jailbreak.

Exploitation requires forcing Switch in USB recovery mode

Exploiting Fusée Gelée isn't that complicated either, albeit dangerous. Users need to force the Switch to reboot in USB recovery mode and then use the USB connection to launch a Python script via a console.

Probably the hardest part of the entire hack is forcing the Switch into USB recovery mode, which can be achieved by pressing and shorting two pins on the right Joy-Con connector.

Katherine Temkin, the hacker who discovered the exploit, has published a FAQ page about Fusée Gelée, how users could short the two pins, and the PoC code.

The current PoC code only prints device specific data on the Switch's screen, but Temkin promised to publish more scripts and information about exploiting Fusée Gelée on June 15, 2018, when the original disclosure of this vulnerability was planned to take place.

"Fusée Gelée isn't a perfect, 'holy grail' exploit, though in some cases it can be pretty damned close," Temkin said.

Nonetheless, Nintendo Switch owners should be very careful in using the Fusée Gelée exploit to mod their consoles, as this could lead to some hardware damage when carried out by inexperienced users, such as shorting other Switch hardware components by accident.
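The article above describes the bug only as a "trivial buffer overflow" sitting in boot code that can never be updated. As an added, purely illustrative example (this is not Nvidia's, Nintendo's or Temkin's code, and it is not the actual Fusée Gelée bug, whose details the thread says are still undisclosed), here is the general shape of that bug class in a hypothetical boot-stage receive routine, beside the bounds check that prevents it. Every name and value here (`boot_ctx_t`, `receive_unchecked`, `receive_checked`, the 64-byte buffer, the sentinel control word, the constructed 80-byte message) is an assumption made for the demonstration; the context is modelled as flat memory so the overrun's effect can be observed without undefined behaviour.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RX_BUF_SIZE    64u                          /* hypothetical fixed receive buffer */
#define CTX_SIZE       (RX_BUF_SIZE + sizeof(uint32_t))
#define NEXT_STAGE_OFF RX_BUF_SIZE                  /* control word sits right after the buffer */
#define STAGE_MAGIC    0x11223344u                  /* constructed sentinel value */

/* Hypothetical boot-stage context laid out as flat memory (an assumption, not a
 * real layout): bytes [0, RX_BUF_SIZE) are the receive buffer and the four
 * bytes after it hold a control word the boot stage later trusts. */
typedef struct {
    uint8_t mem[CTX_SIZE];
} boot_ctx_t;

static void init_ctx(boot_ctx_t *ctx, uint32_t stage) {
    memset(ctx->mem, 0, sizeof ctx->mem);
    memcpy(ctx->mem + NEXT_STAGE_OFF, &stage, sizeof stage);
}

static uint32_t next_stage(const boot_ctx_t *ctx) {
    uint32_t v;
    memcpy(&v, ctx->mem + NEXT_STAGE_OFF, sizeof v);
    return v;
}

/* Unsafe pattern: the copy is bounded by the length the sender claims rather
 * than by the buffer, so any claim above RX_BUF_SIZE spills into the control
 * word. The cap at CTX_SIZE exists only to keep this simulation inside mem[]. */
static size_t receive_unchecked(boot_ctx_t *ctx, const uint8_t *src, size_t claimed_len) {
    if (claimed_len > CTX_SIZE) claimed_len = CTX_SIZE;   /* simulation guard only */
    memcpy(ctx->mem, src, claimed_len);
    return claimed_len;
}

/* Hardened pattern: validate the claimed length against the buffer before
 * touching memory, and refuse the transfer outright if it does not fit. */
static bool receive_checked(boot_ctx_t *ctx, const uint8_t *src, size_t claimed_len) {
    if (src == NULL || claimed_len > RX_BUF_SIZE) return false;
    memcpy(ctx->mem, src, claimed_len);
    return true;
}

/* Constructed input: a message of `len` bytes, all 0x41. */
static void build_payload(uint8_t *out, size_t len) { memset(out, 0x41, len); }

/* Control word after the unchecked copy of an 80-byte message: clobbered. */
uint32_t demo_unchecked(void) {
    boot_ctx_t ctx; uint8_t payload[80];
    init_ctx(&ctx, STAGE_MAGIC);
    build_payload(payload, sizeof payload);
    receive_unchecked(&ctx, payload, sizeof payload);
    return next_stage(&ctx);                /* 0x41414141 */
}

/* Control word after the checked routine sees the same message: untouched,
 * because the copy was refused before a single byte was written. */
uint32_t demo_checked(void) {
    boot_ctx_t ctx; uint8_t payload[80];
    init_ctx(&ctx, STAGE_MAGIC);
    build_payload(payload, sizeof payload);
    (void)receive_checked(&ctx, payload, sizeof payload);
    return next_stage(&ctx);                /* still STAGE_MAGIC */
}

/* A message that fits is still accepted and leaves the control word intact. */
bool demo_checked_accepts_fitting(void) {
    boot_ctx_t ctx; uint8_t payload[RX_BUF_SIZE];
    init_ctx(&ctx, STAGE_MAGIC);
    build_payload(payload, sizeof payload);
    return receive_checked(&ctx, payload, sizeof payload) && next_stage(&ctx) == STAGE_MAGIC;
}

int main(void) {
    printf("unchecked: control word = 0x%08x\n", (unsigned)demo_unchecked());
    printf("checked:   control word = 0x%08x\n", (unsigned)demo_checked());
    printf("checked accepts a 64-byte message: %s\n", demo_checked_accepts_fitting() ? "yes" : "no");
    return 0;
}
```

The design point for immutable boot code is that a check like the one in `receive_checked` has to be present and correct before the ROM is masked: as the article notes, there is no firmware update path afterwards, so the review bar for anything that parses externally supplied lengths in a boot ROM is necessarily higher than for updatable firmware.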
 

LASER_oneXM

source (thehackernews.com): Nintendo Switches Hacked to Run Linux—Unpatchable Exploit Released
Two separate teams of security researchers have published working proof-of-concept exploits for an unpatchable vulnerability in Nvidia's Tegra line of embedded processors that comes on all currently available Nintendo Switch consoles.

Dubbed Fusée Gelée and ShofEL2, the exploits lead to a coldboot execution hack that can be leveraged by device owners to install Linux, run unofficial games, custom firmware, and other unsigned code on Nintendo Switch consoles, which is typically not possible.
 
