Nintendo Switch Already Jailbroken With Webkit Exploit That Allows Unauthorized Mods

Nintendo Switch Zelda

Well that did not take long. It has been less than two weeks since Nintendo released its hybrid Switch console and already someone has managed to hack the device. That bit is perhaps not too surprising—it was only a matter of time, after all—though the unexpected part is that the inventive hacker used an old WebKit exploit to thwart the Nintendo Switch's intentionally locked browser features.

The hacker goes by "qwertyoruiop" on Twitter. If the name looks familiar, it's likely because he is the same one who contributed to the popular PlayStation 4 1.76 jailbreak. He has also post jailbreaks for several versions of iOS, Apple's tighly guarded mobile operating system used on iPhone, iPad, and iPod touch devices. Now he has put that expertise to use on the Nintendo Switch.

His method is a Webkit exploit running on the Switch. The console doesn't actually have a built-in browser, but it does use WebKit to render websites in certain situations. For example, when linking Twitter or Facebook account to the Switch. Fellow hacker LiveOverflow explains things in more detail in the following YouTube video:



In short, qwertyoriup is using an old exploit from iOS 9.3.5. Apple patched this last year, though for whatever reason, Nintendo left it unpatched on the Switch. Perhaps it was an oversight, or maybe Nintendo was in a rush to bring the Switch the market. Either way, it can be expected that Nintendo plug the security hold in a future firmware update, as the company is not keen on users loading up illegal ROMs.

That is what this hack makes possible. It opens the door for custom apps that allow for the installation of ROMs and emulators. The good news for Nintendo is that even with the Switch being jailbroken, it is not easy for the masses to sideload pirated content. There are other safeguards at play. Nevertheless, don't expect this exploit to exist on the Switch much longer.

Show comments blog comments powered by Disqus