Nintendo Switch Fusée Gelée exploit can’t be fixed with a patch

JC Torres - Apr 23, 2018, 9:52 pm CST

The Nintendo Switch is an impressive device, so it isn’t surprising that there are people who want to get the most out of the hardware, even when it goes against Nintendo’s intentions for it. Hackers and modders have, time and again, tried to look for exploits to gain access to and take control of the Switch’s system, only to be foiled by the next firmware update. Hope springs eternal, however, now that hacker Katherine Temkin and the team at ReSwitched have revealed an exploit that cannot be closed by any firmware update.

They’re calling it Fusée Gelée, and it’s an exploit that can be found inside NVIDIA’s Tegra X1 chip. To be precise, it involves a bug in the chip’s USB recovery mode where hackers can send data that would easily cause an overflow and gain access to restricted portions of the Switch’s memory. From there, they will be able to run arbitrary code to gain control of the system and perhaps run other operating systems and software on the Switch.

Getting to that USB recovery mode, however, is easier said than done. Short of opening up the Switch, the only way to get there would be to short out a pin on the right side of the handheld. Amusingly, a simple piece of wire can do the trick.

The good but also bad news is that this exploit cannot be undone, claims Temkin. It is found in the extremely secure portion of the NVIDIA Tegra X1 chip that is impossible to access once the chip leaves the factory. In short, almost like the Intel Meltdown and Spectre exploits, it’s a flaw deep in the hardware that will require a complete replacement of the chip.

This is also the reason why Temkin and ReSwitched haven’t yet disclosed all the details about the exploit, giving NVIDIA time to notify its chip customers first. As the exploit affects every Tegra X1 device, not just the Nintendo Switch, it has the potential to do much damage if left undisclosed. And despite the hacker stereotype, Temkin believes in responsible and open disclosure, in contrast to some of the hacker teams in the Switch space.

SOURCE: Katherine Temkin, ReSwitched

