qcmadness

https://www.tomshardware.com/news/tegra-vulnerability-affects-every-nintendo-switch,36942.html

引用:

There's no shortage of people who want to load custom games on their console of choice. This so-called "homebrew" scene often delves into a console, figures out where it's most vulnerable, and then uses exploits meant specifically to allow them to run software you won't find in any game store. (And, yes, this kind of thing often enables piracy as well.) Which is exactly what several independent groups did to the Nintendo Switch.

Nintendo released the Switch in March 2017. In many ways, it's the ideal platform for homebrewers and pirates. It's a portable device, which are often favored by homebrewers, and Nintendo's decision not to launch the Virtual Console with the Switch could inspire people to use some less-than-legal methods to play their favorite games on the company's latest-and-greatest console. The Switch is just asking to be hacked.

It turns out that Nvidia and Nintendo accidentally gave homebrewers the keys to the kingdom with every Switch manufactured to date. Several groups have discovered a flaw in Nvidia's Tegra X1 chip--which is also used in the Nvidia Shield, Google Pixel C, and other devices--that allows for arbitrary code execution on the Switch. Exploiting that vulnerability allows Switch owners the opportunity to effectively "jailbreak" the device.

The vulnerability was first disclosed by ReSwitched, which dubbed it Fusée Gelée, but the folks at fail0verflow claim to have discovered it first and planned to make their own public disclosure two days after ReSwitched did. Either way, it's clear that this issue was simply waiting to be found, if only because two independent groups managed to do so while they were poking around the Switch to work on their various projects.

For fail0verflow, that project was getting Linux to run on the Switch, which is exactly what the group appears to have done:

Both ReSwitched and fail0verflow say there's no way to fix this vulnerability in Switch consoles that have already been sold. The problem is said to be introduced early in the manufacturing process, so Nintendo could address the issue with the next batch of consoles, but this particular genie isn't going to be put back in its bottle. Anyone willing to root around with their Switch will be able to use this vulnerability to run homebrew games.

Neither ReSwitched nor fail0verflow said they disclosed the vulnerability to Nvidia--fail0verflow did reveal the problem to Google because Tegra SoCs are used in some Android products, but the group didn't go straight to Nvidia. We've reached out to the company to learn more about the extent of the vulnerability and whether or not devices like the Nvidia Shield and other Tegra X1-equipped products are also affected by it.