Domain: fail0verflow.com
Stories and comments across the archive that link to fail0verflow.com.
Stories · 2
-
Hackers Manage To Run Linux On a Nintendo Switch (techcrunch.com)
Romain Dillet reports via TechCrunch: Hacker group fail0verflow shared a photo of a Nintendo Switch running Debian, a distribution of Linux. The group claims that Nintendo can't fix the vulnerability with future firmware patches. According to fail0verflow, there's a flaw in the boot ROM in Nvidia's Tegra X1 system-on-a-chip. When your console starts, it reads and executes a piece of code stored in a read-only memory (hence the name ROM). This code contains instructions about the booting process. It means that the boot ROM is stored on the chip when Nvidia manufactures it and it can't be altered in any way after that. Even if Nintendo issues a software update, this software update won't affect the boot ROM. And as the console loads the boot ROM immediately after pressing the power button, there's no way to bypass it. The only way to fix it would be to manufacture new Nvidia Tegra X1 chips. So it's possible that Nintendo asks Nvidia to fix the issue so that new consoles don't have this vulnerability. -
AT&T Microcell Disassembly; Security Flaws Exposed
CharlyFoxtrot writes "The geeks over on the fail0verflow blog took apart an AT&T Microcell device which is 'essentially a small cell-tower in a box, which shuttles your calls and data back to the AT&T mothership over your home broadband connection.' They soon uncovered some real security issues including a backdoor : 'We believe that this backdoor is NOT meant to be globally accessible. It is probably only intended to be used over the IPSEC tunnel which the picoChip SoC creates. [...] Unfortunately, they set up the wizard to bind on 0.0.0.0, so the backdoor is accessible over the WAN interface.'"