Nintendo-Power


Nintendo 3DS Digital Certificate Vulnerability Earns Researcher $12,000 Bug Bounty


John Layton 23 December 2020 at 14:36 UTC

Updated: 23 December 2020 at 14:45 UTC

Flaw found by console hacker opened the door to MitM attacks

The discovery of an important digital certificate handling flaw in technology bundled with the Nintendo 3DS portable gaming console has earned a researcher a $12,168 bug bounty.

A lack of certificate verification on the recently discontinued Nintendo 3DS created a mechanism for running manipulator-in-the-middle (MitM) attacks against gamers before it was resolved.

The flaw, discovered by a security researcher with the handle ‘MrNbaYoh’ and reported through HackerOne, meant that the SSL system module failed to verify digital certificates while attempting to establish a secure connection.

More precisely, “the SSL system module does not verify signatures when verifying a certificate chain, allowing anyone to create fake certificates and carry out MitM attacks or spoof trusted servers,” according to the now-public vulnerability disclosure report on HackerOne.
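A minimal sketch of the flaw class the report describes, added here as an illustration and not taken from the report, the 3DS firmware or RSA BSAFE: a chain validator that only matches issuer names accepts a certificate the trusted root never signed, while the same validator with the signature check rejects it. The toy RSA keys, the certificate fields and names such as `Constructed Root CA` and `shop.example` are assumptions made up for the example.

```python
import hashlib

# Toy textbook-RSA keys from Mersenne primes: illustration only, not secure.
def make_key(p, q, e=65537):
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(cert, n):
    # Hash the signed fields (subject, issuer, public key), reduced mod n.
    tbs = f'{cert["subject"]}|{cert["issuer"]}|{cert["pub"]}'.encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(subject, issuer, subject_key, signing_key):
    cert = {"subject": subject, "issuer": issuer,
            "pub": (subject_key["n"], subject_key["e"])}
    cert["sig"] = pow(digest(cert, signing_key["n"]), signing_key["d"], signing_key["n"])
    return cert

def validate(chain, trust_store, check_signatures=True):
    """chain is leaf-first; trust_store maps root names to (n, e) public keys."""
    for i, cert in enumerate(chain):
        if i + 1 < len(chain):                    # issuer is the next cert
            if chain[i + 1]["subject"] != cert["issuer"]:
                return False
            n, e = chain[i + 1]["pub"]
        elif cert["issuer"] in trust_store:       # issuer is a trusted root
            n, e = trust_store[cert["issuer"]]
        else:
            return False
        # The step the report says was missing: without it, only names are compared.
        if check_signatures and pow(cert["sig"], e, n) != digest(cert, n):
            return False
    return True

# Constructed sample data (hypothetical names and keys).
ROOT = make_key(2**127 - 1, 2**89 - 1)
SERVER = make_key(2**107 - 1, 2**61 - 1)
OTHER = make_key(2**61 - 1, 2**31 - 1)
TRUST = {"Constructed Root CA": (ROOT["n"], ROOT["e"])}

GENUINE = [issue("shop.example", "Constructed Root CA", SERVER, ROOT)]
# Names the trusted root as issuer but is signed with an unrelated key.
FORGED = [issue("shop.example", "Constructed Root CA", OTHER, OTHER)]

if __name__ == "__main__":
    for name, chain in (("genuine", GENUINE), ("forged", FORGED)):
        print(name, validate(chain, TRUST, False), validate(chain, TRUST, True))
```

With the signature check disabled both chains pass, which is why a client in that state cannot tell a trusted server from an impostor on the network path.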

Implementation error

The SSL system module on the Nintendo 3DS uses the RSA BSAFE MES library to enable SSL / TLS communications.

This module is highly customizable, and the root cause of the problem is errors in the console maker’s implementation rather than inherent flaws in the technology.

Before it was fixed, the vulnerability created a mechanism to spoof Nintendo’s eShop servers or, among other exploits, connections to certain gaming servers.


Dubbed ‘SSLoth’ by the researcher who discovered it, the problem affected Nintendo 3DS firmware versions 11.13 and below.

“The latest firmware update (11.14) patches SSLoth,” MrNbaYoh told The Daily Swig. “Other vulnerabilities are SSLoth based, so by upgrading their 3DS, gamers should be safe.


“If they don’t want to update, I recommend not using any untrusted [domain name server] DNS or proxy server, but doing so does not mean they are safe,” they added.

Last Gen Console

The 3DS, launched in 2011, was discontinued earlier this year as Nintendo threw its marketing efforts behind the device’s successor, the Switch.

Even so, it’s worth noting that a security flaw in the decade-old device could still attract a five-figure bug bounty from the Japanese gaming company.

MrNbaYoh said he got into security bug bounties after developing an interest in hacking gaming consoles.

“My bug bounty work fits into my console hacking rather than the other way around,” he said. “I’m not really a bug bounty hunter.”


The researcher added: “I’ve been working on 3DS since 2016. At one point Nintendo introduced their bug bounty program.”

So far, the console hacker’s bug bounty activities have been limited to Nintendo devices, but he said he is open to expanding his interests and looking at Sony’s PlayStation console.

“I still have work to do on 3DS, however, I may look at PS devices in the future,” MrNbaYoh told The Daily Swig.

Nintendo has not yet responded to a request for comment.
