asdr-intro-bg1.png

Mobile App Security Insights

Nintendo Switch: Already Hacked?

Apr 6, 2017 1:21:48 PM / by Sung Cho

Nintendo-Switch-Already-Hacked-Blog-IMG.png

The rise and proliferation of mobile technology has truly been remarkable to behold. In just a few short years, smartphones and mobile applications have become the norm. Virtually every business has established its own app and is actively competing to find new and innovative ways to leverage this technology to boost consumer engagement. Yet, despite this mad dash to win and retain customers, many app developers have failed to place the necessary emphasis on application security.

Take, for instance, the recent launch of Nintendo Switch, the latest system from the video game company. The Switch takes a hybrid approach to gaming, combining a traditional household console with a mobile tablet that allows you to take the gameplay anywhere you are. Despite this fresh approach, recent reports have revealed that the Nintendo Switch may already be the target of hacking, indicating a negligence in the security protocols installed into the system.

The hacker -- who uncovered a simple browser exploit within the Switch -- claims that he just repurposed a hack initially used to jailbreak Apple devices running iOS 9.3. Typically, a browser exploit is described as a piece of malicious code that identifies and uses a software vulnerability to clandestinely manipulate browser settings. Such is the case with the Switch, as other hackers have since confirmed the availability of the browser exploit. Moreover, a proof of concept has been released that further details what is involved in the code.

This turn of events is particularly surprising -- most of all, to Nintendo, we presume -- since the Switch doesn’t have a fully functional browser installed into its mechanism from the outset. Rather, the browser only becomes known once a WiFi network and the required HTTP access are established. Yet, already, hackers have identified tools to hijack this setup and divert it to other websites, no doubt for their own malicious means.

As for the browser itself, it is reportedly based on Webkit technology -- one of the most popular layout engine software components, powering Safari and (in part) Google Chrome -- but relies more heavily on an older bit of coding that is more liable to attack. This particular codebase has since been patched, but now that it has been penetrated, the initial security that Nintendo once had in place to guard against hackers has been peeled away. Now the operating system is more sensitive to subsequent attacks.

Thankfully, the existing exploit only marks the first step toward unraveling the protections Nintendo has in place for the Switch. Without any tools to generate code, Webkit hacks provide a limited ability to penetrate the primary code at any level of access. So the risk of custom firmware or even piracy is currently at a minimum, though the fact that even this much progress has already occurred so early in the Switch’s launch certainly doesn’t bode well.

Now that a user-level browser exploit has been identified, hackers are free to peruse the Switch’s operating system and begin to map its design. Once they have a clear understanding of its operation, it’s only a matter of time before it is further compromised, leading to a far more severe lapse in application security. To prevent this from taking place, Nintendo needs to institute the necessary firmware patches to eliminate this exploit as soon as possible.

For now, the patched system will keep hackers at bay, but the first blow has been delivered by malicious users, and now that a weakness has been found, the hacker community will likely remain even more persistent in their pursuit of more information regarding how the Switch works and how it can be penetrated going forward. Here’s hoping that Nintendo is able to stay one step ahead of its attackers in the months ahead, for this news is thus far a portentous sign of what’s to come.

Truly, if a company as renowned and beloved as Nintendo can fall prey to the whim of malicious hackers, then your apps could just as easily be vulnerable to attack. Let this recent misfortune with the Nintendo Switch serve as a reminder that effective application security requires constant vigilance. Just as technology continues to move swiftly from a developer standpoint, so too are hackers evolving how they target and exploit any weaknesses they can find within your coding.

Don’t let your mobile app be the next one on hackers’ hit list. Reinforce your security measures now before it’s too late to prevent an attack on your app and keep your users’ sensitive data under lock and key. After all, it’s all too easy for experienced hackers to undermine all the hard work you’ve put into developing your app and cultivating a devoted customer base. It’s far easier to prepare for the worst in advance than to mitigate the damage in the aftermath of a potentially fatal blow to your business.

Cloud Based App Security Start Now

Topics: News, Application Security

Sung Cho

Written by Sung Cho

Head of Marketing at SEWORKS Co., Ltd.