Performing XSS with a…Nintendo Switch

For all of you who own Nintendo’s latest and greatest console, you may have noticed the system got a firmware update a few days ago to version 12.0. Less than 24 hours into this new firmware version being available, I noticed a rather interesting exploit in some of the functionality of the firmware at this stage.

Before we begin, let’s be clear: This exploit will not allow you to run unsigned code on the Switch. There is simply no way I would share this exploit publicly if it did. What this exploit does allow someone to do is run their own JavaScript code on any device that connects to the Switch using the Switch’s new Screenshot Transfer utility. As this can be done on unmodified Switch hardware/software, I believe this vulnerability deserves a bit of a PSA. I have made Nintendo aware of this vulnerability prior to posting, so this should be patched out soon.

Unfortunately I have to redact some things here…

So, minor update, Nintendo has gotten in touch and has requested that I not have the hacking specifics up here for a little while, presumably until they can get it fixed. As of version 12.0.1, that has not happened yet, and I don’t know if it will for a while.

I have nothing but respect for Nintendo as a company and the products they create, and thus I will be honouring their request. As soon as the time comes, however, I will update this with all the technical information one could want. All I will say now is that it would not be hard for a decently-skilled malicious individual to find it on their own.

For now, I believe the information above is enough to serve the purpose of benefiting the general public. For those that want to protect themselves, the best advice would be to not use the Screenshot Transfer function from a Switch you don’t trust and, more generally, to be vigilant about which QR codes you scan.