A new report finds some Nintendo games have security issues that allow a third party to take over the hardware, including saved payment information.
A vulnerability report from the Nintendo World Report claimed that some new and older Nintendo games, including Mario Kart 7, Animal Crossing: New Horizons, and the Splatoon series, have been found to have security issues that can be exploited by simply playing them online.
The exploit which allows a third party to take over the hardware and access saved payment information as well as the cameras and microphones on the 3DS and Wii U gamepads to capture video and audio, has reportedly been found mostly in older Nintendo games dating back to Mario Kart 7, which recently received its first update in a decade. For those unaware, Nintendo has been updating some of its older games to address potential issues or exploits that could be taken to the legal courts. It has been proven via a new report that the updates are tied to an exploit called “ENLBufferPwn”, which is rated 9.8 / 10 on the Common Vulnerability Scoring System.
Nintendo World Report also noted that the vulnerability utilizes a “buffer overflow” attack, meaning the lack of limit to the amount of data that is sent in a game session could lead the exploit to fully take over the system. Moreover, all these things could happen in the background without visible detection from players. It should be stated that the lack of updates for Wii U games could pave the way for vulnerability and lead to multiple breaches of player data.
“Nintendo was notified of the vulnerability by the discovering parties prior to the disclosure through a bug bounty program, which allowed for the existing patches to be programmed.” the report reads. The list of games that could be affected by the exploit is as follows:
- Mario Kart 7
- Splatoon
- Mario Kart 8
- Mario Kart 8 Deluxe
- ARMS
- Splatoon 2
- Splatoon 3
- Super Mario Maker 2
- Animal Crossing: New Horizons
- Nintendo Switch Sports
There is currently no official word from Nintendo about how the exploit will be addressed, though the company has patched numerous recent releases to fix privacy issues that could have landed the platform holder in hot water.
Denial of responsibility! galaxyconcerns is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.