Game Console Hacking

In 2016, Sighax, a BootROM exploit for the Nintendo 3DS family of consoles (3DS, 2DS and New 3DS), was introduced by a group of hackers, leaving around 62 million devices vulnerable. It allowed anyone to run fake-signed firmware on any of these consoles. Nintendo was unable to fix the affected devices through a firmware update, because the vulnerability was at the hardware level.

In 2018, Fusée Gelée, another vulnerability, was found in the Tegra X1 chip used in the Nintendo Switch, giving attackers complete control over the device at the BootROM level. As with Sighax, the manufacturer could not fix this vulnerability since it was at the hardware level. Nintendo is not the only company using the Tegra X1; other manufacturers use the same chip, making their devices vulnerable to Fusée Gelée as well.

Both exploits have one thing in common: the vulnerability was found at the BootROM level. The BootROM is read-only memory or write-protected flash embedded inside the processor chip. It cannot be modified after manufacture, so a flaw there cannot be patched, and that is exactly what makes it such a prize for hackers.

What does Game Console Hack mean to an end-user?

Exploiting or jailbreaking a game console means gaining access to the device's operating system beyond the limited features the manufacturer exposes. It alters the device in ways its creators and the developers of its operating system never intended. You can run unsigned code or programs that the manufacturer does not want you to run. You can even back up saved games.

Going through this process of loading unsigned code clearly voids any warranty you have on your game console, because you have broken the user agreement. Manufacturers (such as Nintendo) may also ban a modified Switch or console from their online services, and possibly the user's account as well.

What does Game Console Hack mean for manufacturers?

People hack consoles for many reasons, including running favorite games that the current firmware does not support. What manufacturers are struggling with these days is the onslaught of mass piracy enabled by the availability of such vulnerabilities and exploits on the underground market. Manufacturers therefore need to be sure that their hardware is well tested against all attacks and exploits.

These days manufacturers offer large bug bounties for responsibly disclosed bugs at the firmware level. This helps to curb mass piracy and at the same time gives the manufacturer an opportunity to redesign its hardware. Example: Nintendo offers a bounty of up to $20,000 for hacking its game consoles.

It has been observed that, despite such vulnerabilities, there has been no drop in sales of game consoles. In fact, sales have increased since the release of such exploits.

Why is BootROM Security important?

In terms of securing game console software and operating systems, companies are doing a great job. But when vulnerabilities like Sighax and Fusée Gelée arise at the hardware level, the whole system is compromised. Fusée Gelée, the Tegra X1 and Nintendo Switch vulnerability, allows a device owner to hack their own console, which might not sound risky. However, it also lets malicious actors write code to execute a similar attack remotely and gain access to the hardware.

Therefore it is important for manufacturers to keep working harder to secure electronic devices at the hardware level and build a more secure future.

