NVIDIA’s Tegra chipsets have a vulnerability which allows execution of custom code on locked-down devices.
This exploit, named Fusée Gelée, leverages a cold boot vulnerability through which a hacker could obtain full, unauthenticated arbitrary code execution from a new boot ROM context via Tegra Recovery Mode (RCM).
The code is injected into the Boot and Power Management Processor (BPMP) before any cybersecurity measures kick in. This code injection compromises the entire root of trust for each affected device.
Through a specially crafted USB control request, the contents of a hacker-controlled buffer can be copied over the active execution stack, giving the hacker control of the BPMP.
After this happens, the hacker can exploit the execution to exfiltrate secrets and load arbitrary code onto the main CPU Complex (CCPLEX) application processors. The executed code has the highest level of privilege.
This vulnerability is independent of the software stack. However, the security bug does require physical access to the affected hardware and cannot be exploited remotely.
We said it before, and we are saying it now: anything can be hacked. Remember that it is essential for every user and company to add extra cybersecurity measures. Every user should use only the best cybersecurity solution, like an antivirus for Windows or an antivirus for Mac, depending on which OS their device is running. Also, every company must go an extra step to obtain the best cybersecurity measures; this can be done by hiring a cybersecurity firm that will attack the company’s network on purpose to reveal its most destructive and dangerous flaws.
These kinds of deliberate attacks are carried out through specialized cybersecurity tests such as penetration tests and ethical hacking tests.
Fusée Gelée is possible thanks to a coding error in the read-only boot ROM found in most Tegra devices. The most significant cybersecurity issue here is that this vulnerability cannot be patched once the component has left the factory, meaning that it will continue to impact user devices no matter what.
This vulnerability is dangerous because it affects a significant number and variety of devices. Very few weaknesses have the severity and the immutability of this one.
The Nintendo Switch is one of the popular affected devices, and thanks to this vulnerability the hackers announced that they would be building a customized Switch firmware called Atmosphère, which will take full advantage of Fusée Gelée.
For now, we know that all Tegra SoCs released before the T186 / X2 are vulnerable to exploitation of Fusée Gelée, and we expect full public disclosure of it on June 15, 2018.
All Nintendo Switch devices currently on the market or inside users’ homes will be vulnerable to Fusée Gelée throughout their entire lives. Hackers announced that users who already own a Switch would get access to Atmosphère even if they install a newer firmware version, because the core vulnerability is not software dependent.
Fusée Gelée isn’t a perfect exploit but is pretty damned close to being perfect. The different variants of Fusée Gelée will each come with their advantages and disadvantages.
Because we want you to stay safe and secure against all vulnerabilities, we recommend implementing a robust cybersecurity solution on your devices, like an antivirus for Windows or an antivirus for Mac, depending on which OS your machines are running. We also suggest that every company hire a specialized cybersecurity firm that will perform various tests, like a penetration test and various ethical hacking tests, on the company’s network to reveal whether any network flaws are present.
For companies that exist 100% online, we recommend using cyber-secured web hosting services.