While Nintendo’s Switch firmware updates are usually all about adding stability and getting rid of bugs, sometimes they inadvertently introduce problems of their own.
Conor is keen to stress that this vulnerability does not allow the user to run unsigned code on the Switch, so it cannot be used to ‘hack’ the console in any way – but it could be used for potential mischief nonetheless.
As Conor explains:
This exploit utilises a feature that was introduced in SwitchOS 11.0, specifically a new method to transfer screenshots from the Switch to a phone or another device. The way this feature would work is:
1) The Switch would set itself up as a wireless access point with credentials given out via QR code
2) The Switch would set up a webserver on that access point, containing the Console Nickname, which is set in the Switch’s Settings menu by the user, and the photos the user wanted to share.
He goes into a little more detail on how this attack could be implemented on his blog, and states that he has already alerted Nintendo of the exploit’s existence, so it should be patched out fairly soon.