Using an iPhone Bug to Hack the Switch

Reusing open-source code is common today, as it allows the release of better products at a faster rate. It also comes with security implications, with vulnerabilities passed on to multiple projects.

Nintendo Switch was released two weeks ago, and hackers have already found a way to achieve remote code execution on it. The game console lacks a proper web browser, but WebKit has been integrated to connect the device wirelessly in public places where interaction with a captive portal is necessary before joining the WiFi network.

The WebKit version in Switch is an older one, and it contains a memory corruption vulnerability (CVE-2016-4657) exploited in the past by the Pegasus malware package to silently jailbreak iPhones running on iOS 9.3 and below. The malware used the flaw in an initial stage of the attack with the end goal of spying on specific targets.

Writing the code to exploit the bug is a task for the more technical, but taking advantage of the flaw is not. A video walkthrough explaining the steps for hacking the video game console has been published by LiveOverFlow, while a group of researchers released PegaSwitch, a tool that helps take over the WebKit component and “read/write memory, call native functions, and otherwise explore the functionality of the Switch from the domain of the WebKit process.”

The hacking of Nintendo Switch is not extraordinary in itself, but breaking it because of reused code is something that should be considered carefully, especially by developers. Using open source code comes not only with benefits but also with the responsibility to follow any developments that may have a negative impact on the product, and to update it as quickly as possible.

Photo credit: LiveOverflow