November 1, 2024 at 04:39AM
Hacker GaryOderNichts successfully exploited a vulnerability in Nintendo’s Alarmo clock, allowing him to run custom code. Using insights from researcher Naomi Smith and tools like a Raspberry Pi, he extracted the device’s encryption key and created a payload displaying a cat picture. Nintendo has yet to respond to this hack.
### Meeting Takeaways:
1. **Security Breach**: A hacker identified as GaryOderNichts successfully exploited a vulnerability in Nintendo’s Alarmo clock, which recently launched as an interactive alarm device.
2. **Product Overview**: The Alarmo clock is designed to make waking up enjoyable, featuring music and sounds from Nintendo games, priced at $99.99.
3. **Investigation and Exploitation**:
– Gary accessed the device by removing a screw near the USB-C port.
– He utilized findings from researcher Naomi Smith (Spinda), who had identified Serial Wire Debug (SWD) pins on the device and began exploring security holes.
– With the assistance of vulnerability researcher Mike Heskin (hexkyz), Gary managed to exploit a vulnerability in the cryptographic processor, gaining access to the AES-128-CTR key used for encryption of the Alarmo’s content files.
4. **Custom Payload Creation**: Using the seized key, Gary was able to modify the device’s boot process and load custom firmware, which he demonstrated by displaying a cat picture.
5. **Public Accessibility**: Gary has made available his testing USB payload and a tool for brute-forcing the Alarmo’s AES encryption key, indicating that further custom code development for the Alarmo could follow.
6. **Company Response**: The Register reached out to Nintendo for comment regarding this security breach and its implications. There has been no response from the company as of yet.
7. **Media Reference**: A cat picture associated with Gary’s demonstration was mentioned as a notable post-Halloween reveal.
### Next Steps:
– Monitor for Nintendo’s response to the inquiry about the hack and its potential impact.
– Consider potential implications or actions regarding the security of the Alarmo device.