The Nintendo Switch Has Been Hacked, and There's No Turning Back
The Nintendo Switch has an exploit that lets hackers upload and run a custom operating system on the console, as a team recently demonstrated. The hack is more versatile than it first appears, with hackers now able to run custom apps and games on the device.
Due to the nature of the vulnerability, there's very little that Nintendo can do about it, as well. In what is now called an "unpatchabable exploit," hackers were able to find a loophole in the NVidia Tegra X1 processor itself, making a software update to cover it up impossible.
The hack was independently found by veterans from fail0verflow from the Fusée Gelée hack by Kate Temik, as Eurogamer reported. Nintendo fans themselves, the hackers did disclose the exploit in full to Nintendo, Google and Nvidia some time ago before releasing the exploit, which the group originally set out to do on Wednesday, April 25.
The team explained their reason for disclosing the exploit in a recent blog post. "Choosing whether to release an exploit or not is a difficult choice," the team admitted.
"Given our experiences with past consoles, we've been wary of releasing vulnerability details or exploits for fear of them being used primarily for piracy rather than homebrew," the fail0verflow team added, noting that even so, it might have been too late to stop the incoming tide of pirated Switch games anyway.
"That said, the Tegra bootrom bug is so obvious that multiple people have independently discovered it by now; at best, a release by other homebrew teams is inevitable, while at worst, a certain piracy modchip team might make the first move," the team warned in its message, which came with a video demonstrating a Linux operating system, complete with browser and other apps, running on a Switch.
As for releasing the exploit on April 25, it was the date that the disclosure window expires. This means that 90 days before last Wednesday, the team had already disclosed the exploit to Google, Nintendo and Nvidia, and this information is now unrestricted.
That said, someone already published the Tegra X1 bug two days before April 25, so the secret is already out anyway whether fail0ver publishes their summary or not. Google is especially vulnerable to this exploit, as well, since many Android devices also use Nvidia's Tegra chips.
With this, the Nintendo Switch is now wide open for hackers to build sideloaders that can run pirated Switch apps and games on the console. And since it's the Nvidia component that is the focal point of the hack, there's little Nintendo can do about it other than to make sure any newer devices they put out have an updated Tegra X1 chipset.
As for Nintendo, the company has "nothing to announce on this topic" as of this time, according to The Verge.