The Switch has suffered a huge security breach allowing hackers to take control of your console. Nintendo strikes back.
A group of well-meaning hackers recently discovered a major security flaw on Nintendo’s small console. A very serious breach that would allow ill-intentioned people this time to take control of your console and get their hands on all of your data.
The Switch victim of a major security breach
Named “ENLBufferPwn”, this exploit was present on 3DS, Wii U and Nintendo Switch. The hackers managed to identify the flaw in several dozen different games. It allowed hackers to infiltrate consoles after being put in contact with other players, such as during simple online games, as explained by one of the people who discovered the bug.
Here is “ENLBufferPwn” (ID Pending), a severe vulnerability in many first party 3DS, Wii U and Switch games. It allows remote code execution in a target console by simply having an online game session with the hacker. Combined with other operating system exploits, this vulnerability could allow an attacker to take full control of the console, steal sensitive information, or make audio/video recordings. It scored 9.8/10 (Critical) in the CVSS 3.1 calculator.
Not to alarm the crowds, the hacker group quickly contacted Nintendo and worked together to resolve the issue. The flaw is not new and if it is publicly revealed today, it is because it is almost completely resolved. Nintendo has indeed updated a large number of its games, such as Mario Kart 7 which had not received a patch for almost 10 years.
Nintendo released patches for affected games in 2022. A list of games known to have had the flaw at some point can be found in the vulnerability report.
I would also like to thank Nintendo for giving me the opportunity to collaborate in the discovery and investigation of this vulnerability, and for devoting resources to fixing it in older titles. I hope these actions have helped create a safer online gambling environment.
Update your games now if you haven’t already!
For now, the games affected by the problem have almost all been patched, but research continues and other updates should certainly arrive. We can therefore only advise you to be careful and above all to update ALL your games. Here is the list of games that are/have been victims of the security breach to date:
- Mario Kart 7 – patched in v1.2
- Mario Kart 8 (Wii U) – patch pending
- Mario Kart 8 Deluxe (Switch) – patched to v2.1.0
- Animal Crossing: New Horizons – patched in v2.0.6
- ARMS – patched in v5.4.1
- Splatoon
- Splatoon 2 – patched v5.5.1
- Splatoon 3 – patched in 2022, exact version unknown
- Super Mario Maker 2 – patched in v3.0.2
- Nintendo Switch Sports – patched in 2022, exact version unknown
To update your games, simply connect to the internet and go to the main menu of your console. Before launching the game, your console should automatically offer you the latest patches available. If not, you can always use the search option manually.
