Nintendo Switch Ships With Unpatched 6-Month-Old WebKit Vulnerabilities

An anonymous reader quotes a report from Ars Technica: Nintendo's Switch has been out for almost two weeks, which of course means that efforts to hack it are well underway. One developer, who goes by qwertyoruiop on Twitter, has demonstrated that the console ships with months-old bugs in its WebKit browser engine. These bugs allow for arbitrary code execution within the browser. A proof-of-concept explainer video was posted here. The potential impact of these vulnerabilities for Switch users is low. A Switch isn't going to have the same amount of sensitive data on it that an iPhone or iPad can, and there are way fewer Switches out there than iDevices. Right now, the Switch also doesn't include a standalone Internet browser, though WebKit is present on the system for logging into public Wi-Fi hotspots, and, with some cajoling, you can use it to browse your Facebook feed. The exploit could potentially open the door for jailbreaking and running homebrew software on the Switch, but, as of this writing, the exploit doesn't look like it provides kernel access. The developer who discovered the exploit himself says that the vulnerability is just a "starting point."

You say vulnerability, I say opportunity

[Opportunist]

You see, on consoles such things get fixed incredibly quickly. Not because console makers are security conscious, but because such holes allow people to actually own the consoles they paid for.

Re: You say vulnerability, I say opportunity

Well, you sure convinced me. Now time to go track down a copy of the new Zelda game on PC...

Re:You say vulnerability, I say opportunity

[The+MAZZTer]

I am quite understanding of console makers' desire to protect their consoles from running pirated games. I am less understanding when their anti-piracy measures go as far as to block backups of saved games, which means if you have to send your console in for repair all your saved games may very well get wiped. There are already horror stories about the Switch in this regard. I fully support homebrew on the Switch if only to fix this intentional flaw. If it enables piracy in the process, too bad for Nintendo. They should have learned their lessons like Valve did when they created Steam and totally owned the PC gaming market.

Re:You say vulnerability, I say opportunity

[Opportunist]

If you can manipulate save games, it may well open up an exploit that can trigger a flaw that allows you to compromise the system.

Game makers are notorious for forgoing sanity checks on save games.

Re: You say vulnerability, I say opportunity

[Zero__Kelvin]

Of course you can. When you try to do so as the car literally won't let you get back to us.

Re:You say vulnerability, I say opportunity

[BronsCon]

2 million units, 2 (a couple) thousand vocal complainers, that's a 0.1% defect rate. One in one thousand. And that's just the vocal complainers; now, factor in that they're the minority. In what world is a 0.1% defect rate acceptable outside of dollar stores and clearance centers? A 0.1% defect rate is what destines a product for those places. Hopefully, Nintendo will fix these issues in short order, support the Switch for a reasonable time, then exit the console market entirely.

Don't get me wrong, I love Nintendo, I grew up on Nintendo, and I would love to see Nintendo keep making games. I would just like to play those games with current-gen quality graphics, on systems built by people who have a clue how to build decent hardware or, at least, who have the ability to own their mistakes and make them right. That could include consoles and/or PC.

Nintendo has a history of not owning their mistakes and only begrudgingly making them right when enough people have made a loud enough public outcry over it. They do not belong in the hardware market anymore; at least, not making consoles. Joycons, or some more ergonomic incarnation of them, could be a compelling controller for other platforms. Hell, they'd be a great VR controller, but not at the Switch's 720p.

Between their IP (Mario, Zelda, DK, and Splatoon, just for starters) and their creative thinking toward control systems, they have the potential to do so much more for the world of gaming (and make so much more money licensing their IP) than they'll ever be able to do hamstrung by their own slower-than-2-generations-ago consoles.

Casual gaming is not a viable market to design and build hardware for, because casual gamers already have libraries of games on their phones. Nintendo needs need to be cutting edge, again, like they were in the 80's and 90's; but they don't want to do that. That's why I'm saying they just need to exit the console market; or, at least, produce something more current and with the level of quality (and quality control) they used to have.

Re:You say vulnerability, I say opportunity

[tlhIngan]

I am quite understanding of console makers' desire to protect their consoles from running pirated games. I am less understanding when their anti-piracy measures go as far as to block backups of saved games, which means if you have to send your console in for repair all your saved games may very well get wiped. There are already horror stories about the Switch in this regard. I fully support homebrew on the Switch if only to fix this intentional flaw. If it enables piracy in the process, too bad for Nintendo. They should have learned their lessons like Valve did when they created Steam and totally owned the PC gaming market.

Well, the flash memory of the Switch is actually on a separate removable board. You almost never do this unless you intend for the memory to be moved between units - especially in a console where cost is king. The fact that the eMMC is deliberately on a separate board (with separate costs in production, connectors, reduced reliability, etc) instead of soldered to the main board like every other eMMC chip out there implies that it was designed to be moved.

And a lot of hacks have come by way of save games - so much so that Microsoft started signing xbox360 saves so they couldn't be edited (this too after people started moving saves around to get achievements).

Re:You say vulnerability, I say opportunity

[DrXym]

And by "actually own" you mean "pirate stuff". Consoles are closed platforms because the billions in profits come from making you pay to play stuff on the thing. This should not come as a shock to any prospective owner.

Owners who bought it on the basis of being a closed system should be glad its kept closed because it means more premium titles for them to play and a platform which isn't dead before its time. Exploited systems rapidly descend into a cesspit of shovelware and an early grave.

Re:You say vulnerability, I say opportunity

[erapert]

Do you use Windows? More to the point, do you use Windows 10?

Re: You say vulnerability, I say opportunity

Well, I hope I never grow up.

Re: You say vulnerability, I say opportunity

[geminidomino]

It wouldn't if people used it correctly.

It begs the question:

Are you being intentionally ironic?

Re:You say vulnerability, I say opportunity

[adolf]

So every hacked console, ever (which is just about all of them except the current gen), was a dismal failure?

Re: You say vulnerability, I say opportunity

[wonkey_monkey]

It begs the question:

Hoo. I'd like to think you did that deliberately, but...

Re:You say vulnerability, I say opportunity

[wonkey_monkey]

It makes as much sense as "this!"

Re:You say vulnerability, I say opportunity

[DrXym]

Yes by the measure of what it could have been without those hacks. Platforms that don't or can't be fixed (e.g. DS, Wii) get blackballed or 3rd parties churn out shovelware because there is no profit from aiming any higher.

Re:You say vulnerability, I say opportunity

[ArmoredDragon]

The hardware issues are largely overblown. It's just a combination of hype around the release, a lot of press coverage, and a shortage of replacement stock. The vast majority have no problems with their hardware. They sold 2 million pre-orders, and you're hearing maybe a couple of thousand vocal complainers, the true failure rate is well under 1%.

I kind of doubt that. While I'm not interested in owning one of these (or any console for that matter) a complaint that seems universal at this point is that they use a plastic touchscreen with a plastic dock that has no means of buffering the display against scratches. That invariably means a high number of these are going to have scratched/scuffed screens just because of normal use. That is by definition a defect, and basically 100% of them are affected.

Also, as a universal rule in quality control for any industry, a defect is anything that causes customer dissatisfaction. Nintendo can argue all they want about what is and isn't a defect, but if a customer complains about it, then it is to be considered a defect, unless their quality control department just plain sucks, which it likely does with what I've seen of this tablet.

Re:You say vulnerability, I say opportunity

[Opportunist]

I have to use Win7, what's your point?

Re:You say vulnerability, I say opportunity

[DrXym]

Don't be absurd. Billions are lost from cracked consoles. This is quite evident by observing the roaring trade in DS revolution style cartridges that allowed people to play "backups" (i.e. pirate copies). It can also be observed by the quality of titles on platforms that get pirated. Quality falls off a cliff and all that sells is shovelware and a few 1st party titles. Honest owners suffer as much as the platform does from this drop in quality.

If the Switch is irrevocably hacked this early in its life it will prove fatal to the platform. Nintendo presumably have taken measures in depth to stop this and anyone who owns a Switch better hope they have.

Re:You say vulnerability, I say opportunity

[DrXym]

There is no "blatant violation" because there is no reasonable expectation when purchasing a console that you should be able crack the hardware/software, or that if you do that the manufacturer should still provide service to your device.

Hack away but consoles manufacturers are totally in their rights to block your device, sue you under the right circumstances, ban you online, or patch the firmware so new games won't play.

Re: You say vulnerability, I say opportunity

[endercase]

Or an emulator or ton of time working with wine.

Re:You say vulnerability, I say opportunity

[adolf]

We can't measure against what they could have been, because we cannot know how that road would have played out.

You're presenting speculation and opinion as fact.

Come back with a real argument, mmkay?

Re:You say vulnerability, I say opportunity

[erapert]

Use an OS that allows you to actually own the computer you paid for instead of using Windows.

There's a shock.

[fuzzyfuzzyfungus]

Has Nintendo ever done a decent job with software that isn't a game?

Re:There's a shock.

[SpaghettiPattern]

Has Nintendo ever done a decent job with software that isn't a game?

Chill out buddy. Our whole life is a game. Enjoyment over finishing #1.

Re:There's a shock.

[jonwil]

Sony has been bitten by browser bugs on PS4 as well (and in fact such bugs have been used by people looking to jailbreak the system)

Re:There's a shock.

[_merlin]

Remember when NetFront actually wrote a browser, rather than wrapping WebKit? I had the NEC e606 and e616 phones that had the actual NetFront mobile browser. It made a decent effort to render pages on a tiny screen and make them usable with just the eight-way controller.

Re:There's a shock.

[CronoCloud]

I remember, pre-webkit Netfront was a piece of crap on the PSP and PS3.

Re:There's a shock.

[drinkypoo]

Has Nintendo ever done a decent job with software that isn't a game?

What do you mean by 'decent job'? And what do you mean by 'Nintendo'? And for that matter, what do you mean by 'done'?

If what you mean by 'decent job' is 'free from obvious security holes which could be utterly eliminated by following best practices' then no. No they have not. Everything they've ever done of any complexity has had holes in, and lots of. They patch it over and over as a result (at least, now we're in the era of the patch.) If what you mean is 'works well for users not trying to exploit it' then sure, they've done plenty. The original Wii is actually fairly impressive in that regard. And actually, if you just don't do IOS updates before you do HBC updates, it works pretty well for people who are trying to exploit it, as well.

As for the 'Nintendo' and 'done' parts, if you go back in time and consider the NDS in its original context, the web browser was actually pretty good, but that in turn is because they didn't actually write the rendering engine in-house. It used Opera. It's fairly useless now (unless you're writing pages specifically for it) but it was notably capable in its day. Not great, but capable.

Re: IoT bots?

Good thing Nintendo hasn't pushed the device as something you'd frequently take out in public and connect to random hotspots or anything.

A non-issue, just update the device!

[adosch]

That's great there's an announcement of using an outdated Webkit framework on the Nintendo Switch. Is this anything new? How's that any different if I got some IoT device to a smart phone (Android or iPhone) to installing any Windows/Linux OS to an Xbox/Playstation? Does what I had deployed out of the box already have packages that are already part of security updates that need to be updated?

Fun to report from a journalism perspective, but definitely not news or anything to debate. Just update the Nintendo Switch and stop the huge reach of trying to criticize the console or Nintendo feebly.

Re:A non-issue, just update the device!

[mcfedr]

Just because everyone does something crap doesn't make it ok - if Nintendo cared at all about their customers they wouldn't do this.

Early soft-mods?

[wardrich86]

This sounds like good news to me... if it allows unauthorized code to be run, it could very well be the beginning of the homebrew scene!

Mission Critical?

[DatbeDank]

While all holes and bugs should be fixed, this reads as FUD for me. Maybe those considering using their Nintendo Switches for accessing nuclear launch systems, banking software, and power infrastrucures should refrain from doing so.

Re:Mission Critical?

[Shados]

the main issues with consoles is that game publishers absolutely look at piracy numbers when picking what platforms to target.

This is (if i remember well...who reads the article?) just a userland bug right now, but once you can run pirated games, it gets noticed, and sometimes publishers will chose to skip the console for their next big game if it gets too bad (the DS ease of piracy was totally one of the factors that kept the PSP on the map back then).

So for a console that is already under heavy scrutiny from game developers, something like this happening this early (and for amateurish reasons) will absolutely make some think twice. And that's a shame for people like me who absolutely love the console's features (portable/dockable console is by far the most useful form factor for me)

Re:Mission Critical?

[Nethemas+the+Great]

It is FUD. Do people think Nintendo built all these devices the day before shipping?

Re:Mission Critical?

[barc0001]

It's Ars Technica. They make a hobby of bashing Nintendo any way they can.

Re:Mission Critical?

[geminidomino]

No, things haven't changed much. The DS and 3DS also have very easy methods of piracy, and that didn't stop either of them from absolutely dominating the handheld market.

I'm pretty sure GP's "piracy dooms systems to obscurity" meme is borne of the oversimplified copypasta about the failure of the Dreamcast.

Re:Mission Critical?

[barc0001]

You mean this review?

https://arstechnica.com/gaming/2017/03/nintendo-switch-review/

Check the closing words:

"Time to make the Switch?

At this point, it looks like buying the Switch as your only game console means missing out on everything from Mass Effect and Call of Duty to The Witcher and Assassin's Creed to Tomb Raider and Destiny. That list can go on and on. Maybe those major franchises will eventually be forced to pay attention to a Switch that absolutely flies off the shelves. For now, though, relying on the Switch for all of your gaming means risking that you'll miss out on a huge array of the most popular and well-received current franchises. That's a big price to pay for access to fully portable Zelda and Mario games.

Even as a secondary system, though, it's hard for me to recommend you go out and buy the Switch immediately unless you have a burning desire to play the latest Zelda literally anywhere. The system as it exists now feels a little like it was rushed to make it to store shelves before the end of Nintendo's fiscal year. After all, at launch there are some lingering hardware issues and extremely limited initial software support."

Not really seeing how that's a review saying how great the Switch is. It is written by Kyle Orland though, so that tone was expected.

Re:Console?

[nate_in_ME]

I've had a Switch since day one, and I've had a total of 3 updates:

• "Day one" system update that enabled eShop and other features
• Update to enable SD card storage(maybe that was just because I put an SDXC in it, not sure)
• "Day one" update for Zelda (not sure what it did, but it was there)

For what it's worth, none of these updates took more than 2-3 minutes to do. Would the system have been usable without them? Most likely (except for maybe the SD card one). So are there updates? Yes. Is it a "required" type of thing, where you basically always need a connection to be able to use it? No.

Re:Console?

[EvilSS]

Has anyone actually reported dead pixels? Everyone was spazing out over their dead pixel written policy (which is the same as just about every other LCD device manufacture's written policy) but I haven't seen any reports of people with actual dead pixels on their displays.

Re: No hacking involved

[Zero__Kelvin]

And like a 5 year old you will discover that your "easy" scheme doesn't actually work.