A researcher discovered a highly critical vulnerability affecting the Nintendo 3DS console. Exploiting this bug could allow an adversary to MiTM attacks against gamers. The researcher won a hefty $12K+ bounty for reporting this bug.
Nintendo 3DS Vulnerability
Reportedly, a security researcher discovered a critical security flaw affecting the now-discontinued Nintendo 3DS handheld gaming console.
The vulnerability resided in the Nintendo 3DS handling of digital certificates. Specifically, due to improper certificate validation, it became possible for an adversary to spoof certificates and perform man-in-the-middle MiTM attacks.
As described in the bug report,
The SSL system module does not properly validate the x509 certificates when establishing an SSL/TLS connection. Actually, the SSL system module does not check the signatures when validating a certificate chain, allowing anyone to forge fake certificates and perform MitM attacks or spoof trusted servers.
Exploiting this flaw could result in dangerous consequences as an adversary could spoof any server to trick the target gamer. This includes spoofing eShop servers and extract user information, spoof connection to game servers, or simply perform MiTM for spying on communications and stealing data.
This vulnerability affected all Nintendo 3DS consoles with firmware version 11.13 or below. It received a critical severity rating with a score of 9-10.
$12K Bounty Awarded
After discovered the vulnerability in June 2020, the researcher reported the matter to Nintendo via their HackerOne bug bounty program.
Consequently, Nintendo worked on a patch to address the bug. Eventually, they deployed the patch with the release of Nintendo 3DS firmware version 11.14, as the researcher told The Daily Swig.
The latest firmware update (11.14) patches SSLoth. The other flaws were based on SSLoth, so by updating their 3DS, gamers should be safe. If they’re not willing to update, I’d recommend not using any untrusted DNS or proxy server, but doing so does not mean they’re safe.
— nba::yoh (@MrNbaYoh) December 22, 2020
So, users of Nintendo 3DS must ensure updating their devices with the latest firmware version to stay protected.
Besides patching the bug, Nintendo also awarded the researcher with a hefty bounty of $12,168.
The researcher has named this exploit “SSLoth” about which, he has shared the technical details on GitHub here.