
'Unpatchable' Nintendo Switch exploit is perfect example of the importance of firmware security

The exploit, which affects all Nvidia Tegra X1 systems, allows arbitrary code execution at the bootROM level.


Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • An unpatchable flaw in Nvidia Tegra X1 SoCs lets anyone with physical access to a device's USB port run arbitrary code at the bootROM level.
  • The flaw applies to every Tegra X1 SoC already shipped and can't be fixed: the bootROM is mask ROM and can't be patched once the chip leaves the factory.

A vulnerability in Nvidia Tegra X1 system on a chip (SoC) processors gives an attacker with physical access total control over the device at the bootROM level, and neither Nvidia nor the manufacturers that build on the chip can fix it in devices that have already shipped.

The exploit, called Fusée Gelée by its discoverers Kate Temkin and the ReSwitched team, has already been used to run unsigned code on a Nintendo Switch.

Nintendo's tablet-like Switch runs on a Tegra X1, as do a number of Android devices, so the vulnerability concerns any manufacturer building on the X1, and possibly those building on other Tegra chips, Temkin said. The nature of the attack makes a software patch impossible, and Temkin recommends that anyone with an affected device move on to a new one when possible.

Why Fusée Gelée is unpatchable

Fusée Gelée requires access to the Tegra X1's USB recovery mode (RCM). The bootROM's USB stack has an inherent flaw in how it handles control requests: it trusts the length field in the request, so a crafted request makes the bootROM copy far more data out of its USB direct memory access (DMA) buffer than the destination buffer on its stack can hold.

Several of the request handlers in the bootROM get this length check wrong. A correct handler returns at most the number of bytes it actually has available; these handlers instead copy however many bytes the host asks for in the request's wLength field.

Because wLength is a 16-bit field, a host can request up to 65,535 bytes, far more than the fixed-size stack buffer the response is copied into. An attacker who first fills the DMA buffer with bytes of their choosing can therefore overwrite the bootROM's stack and redirect execution to whatever code they want, before any operating system or signature check ever runs.
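The bug class in C, as an added example that is neither the bootROM's code nor the researchers' exploit: a control-request handler that trusts wLength as the copy length, beside one that clamps it to what it actually has. The buffer sizes, the function names and the simulated stack (a byte array whose tail is filled with a sentinel so overwrites can be counted) are assumptions for the illustration, not the real Tegra X1 layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Assumed sizes for the model only; the real bootROM's layout differs.
 * The "stack" is a flat array: REQ_BUF_SIZE bytes of request buffer
 * followed by STACK_TAIL bytes standing in for the rest of the frame.
 */
#define REQ_BUF_SIZE  0x40u      /* fixed-size buffer the handler copies into  */
#define STACK_TAIL    0x10000u   /* "rest of the stack", filled with a sentinel */
#define STACK_MODEL   (REQ_BUF_SIZE + STACK_TAIL)
#define DMA_BUF_SIZE  0x10000u   /* large enough to honour any 16-bit wLength   */
#define SENTINEL      0xAAu

/* Standard 8-byte USB SETUP packet; only wLength matters for this bug. */
struct usb_setup {
    uint8_t  bmRequestType;
    uint8_t  bRequest;
    uint16_t wValue;
    uint16_t wIndex;
    uint16_t wLength;            /* chosen by the host: 0..65535 */
};

/* The handler genuinely has only two bytes of status to hand back. */
static const uint8_t status_reply[2] = { 0x00, 0x00 };

/* Vulnerable shape: the host-supplied length drives the copy unchecked. */
static size_t handle_get_status_vuln(const struct usb_setup *s,
                                     const uint8_t *dma_buf, uint8_t *stack)
{
    size_t len = s->wLength;          /* attacker-controlled, never validated */
    memcpy(stack, dma_buf, len);      /* dst holds REQ_BUF_SIZE; len may be 65535 */
    return len;
}

/* Hardened shape: never copy more than we have, nor more than the buffer holds. */
static size_t handle_get_status_fixed(const struct usb_setup *s,
                                      const uint8_t *dma_buf, uint8_t *stack)
{
    size_t len = s->wLength;
    if (len > sizeof status_reply) len = sizeof status_reply;  /* what we actually have */
    if (len > REQ_BUF_SIZE)        len = REQ_BUF_SIZE;         /* what the buffer holds */
    memcpy(stack, dma_buf, len);
    return len;
}

/*
 * Run one request against a fresh simulated stack and report how many bytes
 * beyond the request buffer were overwritten. 0 means the frame survived.
 */
static size_t bytes_smashed(int hardened, uint16_t wLength)
{
    static uint8_t dma_buf[DMA_BUF_SIZE];
    static uint8_t stack[STACK_MODEL];
    struct usb_setup setup = { 0x80, 0x00 /* GET_STATUS */, 0, 0, wLength };

    memset(dma_buf, 0x41, sizeof dma_buf);   /* constructed attacker-supplied bytes */
    memset(stack, SENTINEL, sizeof stack);

    if (hardened) handle_get_status_fixed(&setup, dma_buf, stack);
    else          handle_get_status_vuln(&setup, dma_buf, stack);

    size_t smashed = 0;
    for (size_t i = REQ_BUF_SIZE; i < STACK_MODEL; i++)
        if (stack[i] != SENTINEL) smashed++;
    return smashed;
}

int main(void)
{
    printf("wLength=2,     vulnerable: %zu bytes past the buffer\n", bytes_smashed(0, 2));
    printf("wLength=65535, vulnerable: %zu bytes past the buffer\n", bytes_smashed(0, 0xFFFF));
    printf("wLength=65535, hardened:   %zu bytes past the buffer\n", bytes_smashed(1, 0xFFFF));
    return 0;
}
```

With a benign two-byte request both handlers behave identically; with wLength set to 65,535 the vulnerable handler writes everything past the request buffer, while the hardened one still copies only the two status bytes. The second clamp in the fixed handler is redundant here but is the check that survives when someone later changes the reply size.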

The most obvious response to Fusée Gelée would be a software update that fixes the bootROM, but here's where the problem arises: the Tegra X1 bootROM is mask ROM, fixed in silicon, so patching it is impossible once a chip leaves the factory.

Ipatches, small bootROM fixes burned into the chip's fuses during production, could correct the flaw in chips that haven't left the assembly line yet, but every Tegra X1 device already in the field remains vulnerable to a Fusée Gelée exploit.

An important warning about hardware and firmware security

There are several lessons to be taken away from the Fusée Gelée exploit, and they apply to OEMs as well as to IT professionals.

First off, manufacturers need to test their hardware, including its lowest-level boot code, before it ships, because that is the only point at which a bug of this class can still be fixed. Fusée Gelée lets a device owner hack their own hardware, which isn't a risk in itself, but the same flaw hands the same total control to anyone who can get at the USB port of a device they don't own.

Code that sits below the operating system, whether firmware or the silicon itself, is a critical part of device design and is just as exploitable as anything above it; Spectre and Meltdown are the CPU-level version of the same lesson. Flaws found after the hardware ships are the hardest to remedy, and had Intel been more diligent in seeking out vulnerabilities before shipping, it might not be contending with a flaw in most of the processors it has sold over the past two decades.


For IT support staff and security professionals, Fusée Gelée raises a different set of complications: the physical security of the hardware itself.

In the case of the Nintendo Switch, a hardware trick is needed to force the device to boot into recovery mode, and it isn't complicated: shorting an exposed pin on the Joy-Con rail, which people have done with nothing more than a bent pin.

It's not known what hardware tricks may be needed to force other Tegra X1 devices into recovery mode, but it's best not to find out: implement sound physical security controls instead. Publicly accessible devices should be protected from tampering with locked cases or secure mounts that keep their ports and connectors out of reach.

From a network security perspective, Tegra X1 devices should be monitored closely so that a modified one doesn't end up on a business network. The risk from a rooted device is usually small, but it opens attack avenues that the network's threat model may not anticipate.


[Image: Kate Temkin/ReSwitched]

About Brandon Vigliarolo

Brandon writes about apps and software for TechRepublic. He's an award-winning feature writer who previously worked as an IT professional and served as an MP in the US Army.
