Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Nintendo Security Operating Systems Privacy Software Hardware

Nintendo Switch Ships With Unpatched 6-Month-Old WebKit Vulnerabilities (arstechnica.com) 89

An anonymous reader quotes a report from Ars Technica: Nintendo's Switch has been out for almost two weeks, which of course means that efforts to hack it are well underway. One developer, who goes by qwertyoruiop on Twitter, has demonstrated that the console ships with months-old bugs in its WebKit browser engine. These bugs allow for arbitrary code execution within the browser. A proof-of-concept explainer video was posted here. The potential impact of these vulnerabilities for Switch users is low. A Switch isn't going to have the same amount of sensitive data on it that an iPhone or iPad can, and there are way fewer Switches out there than iDevices. Right now, the Switch also doesn't include a standalone Internet browser, though WebKit is present on the system for logging into public Wi-Fi hotspots, and, with some cajoling, you can use it to browse your Facebook feed. The exploit could potentially open the door for jailbreaking and running homebrew software on the Switch, but, as of this writing, the exploit doesn't look like it provides kernel access. The developer who discovered the exploit himself says that the vulnerability is just a "starting point."
This discussion has been archived. No new comments can be posted.

Nintendo Switch Ships With Unpatched 6-Month-Old WebKit Vulnerabilities

Comments Filter:
  • by Opportunist ( 166417 ) on Tuesday March 14, 2017 @06:03AM (#54035197)

    You see, on consoles such things get fixed incredibly quickly. Not because console makers are security conscious, but because such holes allow people to actually own the consoles they paid for.

    • I am quite understanding of console makers' desire to protect their consoles from running pirated games. I am less understanding when their anti-piracy measures go as far as to block backups of saved games, which means if you have to send your console in for repair all your saved games may very well get wiped. There are already horror stories about the Switch in this regard. I fully support homebrew on the Switch if only to fix this intentional flaw. If it enables piracy in the process, too bad for Nintendo
      • If you can manipulate save games, it may well open up an exploit that can trigger a flaw that allows you to compromise the system.

        Game makers are notorious for forgoing sanity checks on save games.

      • by tlhIngan ( 30335 )

        I am quite understanding of console makers' desire to protect their consoles from running pirated games. I am less understanding when their anti-piracy measures go as far as to block backups of saved games, which means if you have to send your console in for repair all your saved games may very well get wiped. There are already horror stories about the Switch in this regard. I fully support homebrew on the Switch if only to fix this intentional flaw. If it enables piracy in the process, too bad for Nintendo

    • by DrXym ( 126579 )
      And by "actually own" you mean "pirate stuff". Consoles are closed platforms because the billions in profits come from making you pay to play stuff on the thing. This should not come as a shock to any prospective owner.

      Owners who bought it on the basis of being a closed system should be glad its kept closed because it means more premium titles for them to play and a platform which isn't dead before its time. Exploited systems rapidly descend into a cesspit of shovelware and an early grave.

      • by adolf ( 21054 )

        So every hacked console, ever (which is just about all of them except the current gen), was a dismal failure?

        • by DrXym ( 126579 )
          Yes by the measure of what it could have been without those hacks. Platforms that don't or can't be fixed (e.g. DS, Wii) get blackballed or 3rd parties churn out shovelware because there is no profit from aiming any higher.
          • by adolf ( 21054 )

            We can't measure against what they could have been, because we cannot know how that road would have played out.

            You're presenting speculation and opinion as fact.

            Come back with a real argument, mmkay?

    • by e r ( 2847683 )
      Do you use Windows? More to the point, do you use Windows 10?
  • Has Nintendo ever done a decent job with software that isn't a game?
    • Has Nintendo ever done a decent job with software that isn't a game?

      Chill out buddy. Our whole life is a game. Enjoyment over finishing #1.

    • Has Nintendo ever done a decent job with software that isn't a game?

      What do you mean by 'decent job'? And what do you mean by 'Nintendo'? And for that matter, what do you mean by 'done'?

      If what you mean by 'decent job' is 'free from obvious security holes which could be utterly eliminated by following best practices' then no. No they have not. Everything they've ever done of any complexity has had holes in, and lots of. They patch it over and over as a result (at least, now we're in the era of the patch.) If what you mean is 'works well for users not trying to exploit it' t

  • by adosch ( 1397357 ) on Tuesday March 14, 2017 @08:34AM (#54035659)

    That's great there's an announcement of using an outdated Webkit framework on the Nintendo Switch. Is this anything new? How's that any different if I got some IoT device to a smart phone (Android or iPhone) to installing any Windows/Linux OS to an Xbox/Playstation? Does what I had deployed out of the box already have packages that are already part of security updates that need to be updated?

    Fun to report from a journalism perspective, but definitely not news or anything to debate. Just update the Nintendo Switch and stop the huge reach of trying to criticize the console or Nintendo feebly.

    • by mcfedr ( 1081629 )
      Just because everyone does something crap doesn't make it ok - if Nintendo cared at all about their customers they wouldn't do this.
  • Early soft-mods? (Score:4, Insightful)

    by wardrich86 ( 4092007 ) on Tuesday March 14, 2017 @09:12AM (#54035819)
    This sounds like good news to me... if it allows unauthorized code to be run, it could very well be the beginning of the homebrew scene!
  • by DatbeDank ( 4580343 ) on Tuesday March 14, 2017 @09:23AM (#54035887)
    While all holes and bugs should be fixed, this reads as FUD for me. Maybe those considering using their Nintendo Switches for accessing nuclear launch systems, banking software, and power infrastrucures should refrain from doing so.
    • by Shados ( 741919 )

      the main issues with consoles is that game publishers absolutely look at piracy numbers when picking what platforms to target.

      This is (if i remember well...who reads the article?) just a userland bug right now, but once you can run pirated games, it gets noticed, and sometimes publishers will chose to skip the console for their next big game if it gets too bad (the DS ease of piracy was totally one of the factors that kept the PSP on the map back then).

      So for a console that is already under heavy scrutiny f

    • It is FUD. Do people think Nintendo built all these devices the day before shipping?
    • It's Ars Technica. They make a hobby of bashing Nintendo any way they can.

Real wealth can only increase. -- R. Buckminster Fuller

Working...