It appears that the not-so-well-hidden Nintendo Switch browser shipped with a number of old, publicly known WebKit vulnerabilities that hackers have already been able to leverage. Yesterday, hacker qwertyoruiop (known for jailbreaks of multiple iOS versions, and who also contributed to the PS4 1.76 jailbreak) posted a screenshot of what appears to be a WebKit exploit running on the Nintendo Switch.

Update 2017/3/12: A proof of concept confirming the exploit has been released by another developer.

Nintendo Switch hack leverages known WebKit vulnerability

According to the hacker, “all” he had to do was slightly tweak his existing jailbreakMe iOS WebKit exploit (hence the mention of iOS and Pangu in the screenshot) and remove the iOS-specific code from it. Although qwertyoruiop has not provided any proof or release besides a screenshot, the hacker’s reputation makes a hoax highly unlikely. (I do not have access to the hack or to a Nintendo Switch here to verify. It might actually be the first time in history that people could get their hands on a console hack more easily than on the console itself.)

If the Switch really shipped with a browser containing publicly known WebKit vulnerabilities, this suggests Nintendo rushed the release. I doubt they assumed people would not think of tampering with the hidden browser on day 1…

People with a particular set of skills (Liam Neeson can participate, but I was thinking more of people with a programming/hacking background) and access to a Nintendo Switch might be able to verify the claim easily: qwertyoruiop’s jailbreak code can apparently be found here for people to play with.

I suspect that many other hackers, in particular in the 3DS/Wii U scene, were already looking into similar vulnerabilities. Qwertyoruiop has already started digging deeper, mentioning that the Switch’s syscalls don’t look like FreeBSD’s. This goes in the direction of what Plutoo had said before: that the Switch’s OS might be a new iteration of the 3DS OS code rather than FreeBSD-based (it is still very likely, however, that the Switch borrows elements from the FreeBSD kernel, even if the OS as a whole is not based on FreeBSD).

Nintendo Switch hack: what it means for the end user

For now, this hack doesn’t mean much for the end user: nothing has been released yet, and this is only a userland exploit, meaning the attacker’s code runs inside the browser process with whatever privileges and sandbox restrictions that process has. Although it might allow running unsigned code, hackers are typically after a bigger prey: kernel access. I wouldn’t be surprised if nothing was released until hackers get a better understanding of the console’s internals, and potentially find privilege escalation vulnerabilities (kernel exploits).

But since the vulnerability is apparently already public, it is very likely that Nintendo will quickly release a firmware update patching the Switch’s browser. As always, people looking to hack their console will want to wait patiently and stay on a low firmware.

source: qwertyoruiop