A few months ago, Security researchers from ReSwitched had found a Nintendo Switch flaw that would make it possible for hackers to run arbitrary code on all the current consoles. It was called “Fusée Gelée” or “Frozen Rocket” in hacker circles. It bypasses software that’s supposed to normally protect the critical bootROM and exploits buggy code in the NVIDIA Tegra X1’s USB recovery mode. The problem lies in the fact that apparently it is “unpatchable” and can let Switch users run pirated software on all the existing hardware.
Now Nintendo has been reportedly selling Switch units already fixed at the factory and protected against this security exploit. The report comes from Switch hardware hacker SciresM, who says that at least some Switches currently are available in retail units that are resistant to this cold boot exploit.
“Bad News: Reports of new Switches in the wild not being vuln to f-g… probably updated ipatches. Good news: they’re coming with 4.1.0 for now, which is vuln to deja vu. Friendly reminder: if you want a hacked switch, don’t update. The lower the better. This is still very true.” was Michael’s (@SciresM) tweet about it on July 10, 2018.
Bad News: Reports of new Switches in the wild not being vuln to f-g… probably updated ipatches.
Good news: they're coming with 4.1.0 for now, which is vuln to deja vu.
Friendly reminder: if you want a hacked switch, don't update. The lower the better. This is still very true.
— Michael (@SciresM) July 10, 2018
According to SciresM, Nintendo has probably patched the system’s Nvidia Tegra chip for burning new protective code into the boot ROM, which effectively cuts off the USB recovery mode overflow error that would give access to hackers.
While the updated consoles, codenamed “Mariko” haven’t officially hit the shelves yet, Kate Temkin, another member from the team that discovered Fusée Gelée said that the patched consoles are likely to be different from Mariko, because they ship with firmware 4.1, and the overhauled consoles support the newer firmware 5.0. This indicates that these are temporary units and aren’t entirely unsusceptible to hacking unless the software is updated since firmware 4.1 is susceptible to other kinds of breaches.