The Nintendo Switch is currently the hottest gaming console in the market. Yet word has it that a hacker has already cracked the Switch’s code in less than two weeks since the console’s launch. Tyler Reguly, Manager of Software Development at Tripwire commented below.
Tyler Reguly, Manager of Software Development at Tripwire:
“This is one of those situations where the concern is minimal. If I had a Switch, this wouldn’t concern me nor would it impact my usage of the Switch. While vulnerabilities like this are great for hardware hackers and researchers that want to learn more about the inner workings of the device, they simply aren’t realistic attack scenarios that present much risk to the end user when using the device as designed. We’re talking about a browser exploit on a device that, while it contains a browser, is not designed for browsing. The only real risk to the end user is in cases where they are on someone else’s network or DNS hijacking can occur. This means that students living in residences may be at the most risk but it’s still minimal and there are much easier ways for attackers to target users.
In the end, we’re talking about a vulnerability that showed up on NVD less than 6 months ago, the expectation that a product ship free of vulnerabilities is a pipe dream given how fast technology changes and new vulnerabilities are discovered. How often do you buy a product, bring it home, and the first thing it does is update the firmware. We have to hope that Nintendo is working on a fix or has one already in testing, but there’s nothing irresponsible about this process, it’s exactly what I would expect from a modern consumer product.
As for gamers, what are they to do? Keep enjoying their console, use it as it is intended, and hope that Nintendo irons out the technical issues affecting game play. While every vulnerability is concerning, given the platform and attack vector, some people will find that their light bulbs and slow cookers are introducing more risk than the Nintendo Switch.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.