The just-released Nintendo Switch is proving to be quite popular among gamers, but it has also caught the attention of hackers who may be interested in exploiting vulnerabilities present in the console. It certainly wouldn’t be the first time such a thing has occurred, as we think back on jailbreaks that were released for the PS3, the Nintendo Wii, and other popular game consoles.

It just so happens that a vulnerability discovered in the Nintendo Switch has a slight iOS correlation — the console uses an outdated version of WebKit, the same version of WebKit used to leverage an iOS 9.3.x jailbreak in the past. That’s not to say that a Nintendo Switch jailbreak is imminent or even in the cards at this time, but a known working exploit is available to make arbitrary code execution a possibility.

Synology RT2600ac: The AirPort Extreme replacement.

Since the exploit is in WebKit, hackers would need access to a WebKit-based browser. Nintendo doesn’t make a user-facing browser available in most circumstances, and when it does, it can only venture to a captive portal — that landing page that you often encounter when connecting to a Starbucks Wi-Fi hotspot or an Airport hotspot. However, with a little patience, a user could establish a proxy server on the local Wi-Fi network and intercept traffic — forcing the Switch’s browser to a locally hosted web page instead.

From there, it’s just a matter of taking advantage of the old version of WebKit susceptible to the exploit. Details on the CVE-2016-4657 vulnerability can be found here, but it basically amounts to a WebKit exploit in versions of iOS prior to iOS 9.3.5 that allowed remote attackers to execute arbitrary code via a specially crafted website. This same exploit was used to jailbreak iOS 9.3.x in the past via qwertyoruiopz’s neo version of the infamous JailbreakMe.

Watch LiveOverflow’s awesome proof of concept and explanation

Apple addressed the WebKit exploit with the release of iOS 9.3.5 on August 25, 2016. Thus, it’s been a long seven months since this hole was addressed. Oddly enough, Nintendo decided to ship its latest console with that same old version of WebKit, perhaps reasoning that since there is no user-facing browser that it’s not a high priority. Or maybe they just figured they’d fix it later in a future update.

Whatever the case may be, you can be sure that Nintendo is now aware of this issue, and will likely be issuing an update to bring its WebKit browser up to date in the near future. As for whether we’ll see a Nintendo Switch Jailbreak, it’s definitely not out of the realm of possibilities. Whether we see one now, or see one in the future, I think enough people care about the Switch to make it too tempting for skilled hackers to pass up.

Image Credit: LiveOverflow

About the Author