Critical vulnerability in Nvidia's Tegra X1 SoC can be used to hack Nintendo Switch

If you have devices like Nintendo Switch or Google Pixel C, you probably don't want to miss this news: a critical vulnerability - dubbed Fusee Gelee - has been discovered in the SoC that powers your device.

The vulnerability allows an attacker to execute unauthenticated arbitrary code on your device. Here's how the researchers explain the vulnerability:

As this vulnerability allows arbitrary code execution on the Boot and Power Management Processor (BPMP) before any lock-outs take effect, this vulnerability compromises the entire root-of-trust for each processor, and allows exfiltration of secrets e.g. burned into device fuses.

Found by researchers at ReSwitched, the vulnerability is "believed to affect Tegra SoCs released prior to the T186 / X2" and works independent of software stack. What makes the bug critical and worrisome for millions of Switch users is that it can't be patched through a downloadable update.

Nvidia and vendors like Nintendo have already been intimated about this vulnerability. The ReSwitched team also prepared a proof of concept exploit for the Nintendo Switch, as can be seen in the following image.

You can read the complete details by heading to the Source link below.

Source | Via

Reader comments

  • Anonymous

Cars should be owned by those who bought them and not the government. Requiring driving license & having to follow traffic rules is shady at best, downright tyrranical at worse. Let people be unsafe if they so want to. Can't part a person fr...

  • Anonymous

Finally, devices should be owned by those who bought them and not their mother company. If anything a manual switch should exist (by law) to allow for products to be owned by its byers (obvioualy they lose warranty when pushed). Anything else is...

  • Anonymous

"All the owner of first gen Switch will be screwed." Which is why there is exactly 0% chance of that happening. It would be incredibly stupid on their part to alienate 17.79 million customers, most of which are their core fans. It will hurt them...