Nintendo Switch Bootrom Hack Means It’s Jailbroken For Life
An exploit has been found in Nvidia’s Tegra X1 processor which appears to blow the Nintendo Switch hardware wide open for customization.
Hacker Katherine Temkin, working in conjunction with the ReSwitched team, has put together an “exploit chain” which allows a custom payload to be injected into Switch hardware.
Temkin and the team have dubbed their vulnerability the Fusée Gelée coldboot vulnerability and have included an extensive write-up and proof-of-concept on how a custom payload could be used on Nintendo’s Switch hardware. Under normal circumstances, a vulnerability would only affect a small number of devices running specific firmware and wouldn’t be a huge concern for a manufacturer like Nintendo.
However, where the Fusée Gelée coldboot vulnerability is concerned, it seems entirely unpatchable and affects all Nintendo Switch hardware, regardless of age or the firmware that it’s running.
The issue lies directly in the heart of the Tegra X1 bootrom, which means that it can’t be modified or fixed after it leaves the factory. That essentially means that there are approximately 14.8 million devices out in the wild which can be subjected to this hack. It also means that anyone with the requisite knowledge would be able to install and run homebrew software, customized apps and games (including pirated ones) on Nintendo’s hardware.
Nintendo has previously been able to patch hacks through software updates, but because this vulnerability lies in the hardware, that simply will not be possible in this instance.
Nintendo isn’t likely to simply accept this vulnerability and allow Nintendo Switch owners to do whatever they want with their devices should some homebrew be released which allows them to take advantage of it. The Japanese company will likely have a trick or two up its sleeve, potentially trying to stop device owners from accessing its servers when running a hacked game or software which hasn’t been officially sanctioned for use on the Switch. With that said, it’s very likely that a lot of Switch owners will actually want their devices hacked in order to save game data to an SD card, which, bizarrely, is something which isn’t offered by Nintendo at an official level.
Nintendo has yet to make any official comment on the situation. It’s likely that a slight modification to a future hardware model will have this vulnerability patched sooner rather than later. But for current models already on sale and in the hands of consumers, this vulnerability means they are essentially pwned for life.