Hacking 3DS Virus. Possible?

[MilkPSP]

There could be a brick like there was in the early stages on DS homebrew, which would be an extreme annoyance, and there would be a debricking method. This would also be when the 3DS gets hacked, if it does, in fact, get hacked.
I honestly don't think that there would be a virus. A virus would require, as above, the ability to run unsigned code, and that would be only if the 3DS gets hacked.

 

[notmeanymore]

Look at it this way, if someone finds a way to make a virus (and some people don't seem to know the difference between a virus and a trjan) then they've basically hacked the 3DS by making it run unsigned code. And they've done it without even touching the unit itself.

For anyone else reading this thread, read this quote, then think again about the plausibility of a 3DS virus.

that quote merely states that one can't code a virus(now), for a system which isn't even out yet.
then again, this whole thread doesnt make sense, since none has the 3ds right now

and to answer:
if system updates can be passed between two 3ds, then there is still the problem that the one sending must be able to run unsigned code and that there must be some kind of exploit to make the other ds run unsigned code(the 'virus')
not likely going to happen.

A buffer overflow like the Wii's Twilight Hack could do it, as I mentioned above, or the system update method which would probably bypass the need for unsigned code since it'll just take whatever the partner 3DS's firmware is since it'll assume that it's impossible to have unsigned code on the partner 3DS -- death by assumption.

 

[ecko]

Look at it this way, if someone finds a way to make a virus (and some people don't seem to know the difference between a virus and a trjan) then they've basically hacked the 3DS by making it run unsigned code. And they've done it without even touching the unit itself.
For anyone else reading this thread, read this quote, then think again about the plausibility of a 3DS virus.

that quote merely states that one can't code a virus(now), for a system which isn't even out yet.
then again, this whole thread doesnt make sense, since none has the 3ds right now

and to answer:
if system updates can be passed between two 3ds, then there is still the problem that the one sending must be able to run unsigned code and that there must be some kind of exploit to make the other ds run unsigned code(the 'virus')
not likely going to happen.

A buffer overflow like the Wii's Twilight Hack could do it, as I mentioned above, or the system update method which would probably bypass the need for unsigned code since it'll just take whatever the partner 3DS's firmware is since it'll assume that it's impossible to have unsigned code on the partner 3DS -- death by assumption.

yes hence why i've written:
QUOTE(ecko @ Dec 13 2010, 01:54 PM)

there must be some kind of exploit to make the other ds run unsigned code(the 'virus')

this exploit could very well be a buffer overflow or any other kind of exploit because of buggy written code (like the wii's strncmp/fakesigning bug)

 

[bigpaws]

we wont know until its out
i think it would be pointless
is there a virus fore ipod touch?

 

[DigitalDeviant]

in order to make a virus you'd need access to the system internal software in the first place, so it wouldn't be practical and who would wan't to.

 

[moodswinger]

If there's a reasonable number of market, then it will happen.

 

[sputnix]

well the 3DS has the um can't remember the name of it but it can silently transfer data between games sharing highscores and stuff, so when the 3DS game get's hacked someone evil mastermind might have it where it shares a hacked file that shares a virus between systems without people even knowing

 

[TheDarkSeed]

This reminds me of Pokerus. Pokemon getting in contact with other pokemon and getting pokerus and making it awesome!

I wasn't thinking virus though, I was thinking of CFW spreading. (I'm not saying it will though-.-)

 

[bigpaws]

yes but that would cause the warrenties of many innocent peoples devices to end against their will
think of what would happen if it wasnt noticed that it happened and then a few weeks later, the device wont power on
you send it in and get a call saying that it was hacked and that it costes $100 to fix
i dont think everyone wants cfw because it ends warrenty
that and streetpass spread updates would be automatic so no choice in the matter.
not a good idea to spread cfw randomly
maybe a 3ds downloadplay exploit could install cfw but makeing it volentary is nessicary
otherwise it is a virus

 

[pachura]

I can't believe you guys spent 6 pages discussing something as ridiculous as 3DS virus

 

[WiiUBricker]

Since the 3DS can get game updates and, presumably, system updates from other 3DS's in the area, could it be possible when and if the 3DS gets hacked for someone to make a virus that spreads from 3DS to 3DS using system updates by simply appearing as 1 system menu ahead? Or do you think Nintendo has thought this through and prevented it?

Yes it's possible. Viruses are just applications. If a SDK is given, this sure is possible.

 

[FAST6191]

I can't believe you guys spent 6 pages discussing something as ridiculous as 3DS virus

A system at the time said to have automatically applied updates received via other units- a possible vector for both malware and hacking.
A device set to sell more than a few units (not automatic but as a rule popular devices do get targeted)
A trojan released for a predecessor, more than a few fake/bad hacks for various similar devices.
A possibility of good info for scammers (credit, names, DOB, possible ties to other things- same passwords cards attached to accounts....)
Some examples of other such malware (Cabir from early bluetooth phones and if the security conference circuit is not lying to me then similar things set to happen again- http://www.youtube.com/watch?v=TzR7R6fBr00 )

I agree some of the posters could do with being more well versed in technical concepts but to call it ridiculous is a stretch.

 

[Zetta_x]

Nintendo better not let the signing keys loose

 

[pachura]

A system at the time said to have automatically applied updates received via other units- a possible vector for both malware and hacking.
A device set to sell more than a few units (not automatic but as a rule popular devices do get targeted)
A trojan released for a predecessor, more than a few fake/bad hacks for various similar devices.
A possibility of good info for scammers (credit, names, DOB, possible ties to other things- same passwords cards attached to accounts....)
Some examples of other such malware (Cabir from early bluetooth phones and if the security conference circuit is not lying to me then similar things set to happen again- http://www.youtube.com/watch?v=TzR7R6fBr00 )

I agree some of the posters could do with being more well versed in technical concepts but to call it ridiculous is a stretch.

1. To be able to infect a device with a virus, you first need to be able to execute custom code. I guess it will take at least a year before 3DS is hacked... then we can talk

2. I was under impression that StreetPass will only be used for exchanging data - like, player profiles, Miis, to run virtual fights in SSFIV 3D and so on. I really don't think it will be used for spreading firmware updates... and won't they be voluntary, anyway ?
3. Even if StreePass is used for automatic firmware updates, you still need secret keys to sign your malicious code as a firmware update.
4. Handheld consoles are very rarely a target for virus writers. Nowadays, viruses and malware are used more and more for illegal purposes - stealing bank accounts, passwords etc. What could you steal on 3DS apart from player's account ?
5. Yes, I remember BrickMe. It was proof-of-concept written by the guy who hacked DS, DarkFader. People were initially afraid of getting their DS-es bricked, but guess what ? Nothing happened.

 

[FAST6191]

I am not sure why we are debating the way we are- I agree entirely that it is not likely but to outright dismiss the subject I can not agree with.

Still

Yeah I agree with just simple virtual fights, maybe a token addition to their augmented reality stuff and the like (although custom protocols and a bit of fuzzing there might be an interesting attack vector)- at the time automatic "viral" updates were thought to the order of the day.
I also agree signatures are necessary unless of course they do something silly like the early PSP alt directory hacks (the checked directory is fine but a directory with a $ in it will be loaded if it otherwise has the same name), only sign X portion of code and allow a jump of some form (not too far removed from what we have on the DSi compatible cards or indeed the original passme), something analogous to the trucha bug and so on. All three companies claimed to have learned their lesson in security for this current generation (if not before) but we have all seen how that goes not to mention some of the more interesting methods take some resources to defend against. I should also mention I am not necessarily expecting the payload to come from a 3DS- lots of work in rogue hotspots and even stuff like credit cards (fake authentication of chips) has happened.

4) I agree but with it set to be like phones and there probably being a nice uniform web backend with interesting things on it might be a good target. Granted I usually come the other way and would aim to hack a website (or more likely an account password for such a thing) storing a phones call logs, text messages and the like rather than attack the device itself (not that it is that difficult mind).

It also depends on where things go- if mobile phones take off as some are expecting and indeed if the "why has it taken this long to get a PSP phone" crowd have some merit to their words I can see Nintendo doing a quick shift and allowing a few features that come from such a thing.

5) I agree again, I had not meant to suggest it was even a good attack and mentioning it using the arguments I used might not have been the most persuasive technique just that it had happened.

 

[Zetta_x]

I think we all agree with Fast,

Even if StreePass is used for automatic firmware updates, you still need secret keys to sign your malicious code as a firmware update.

That is still a possible scenario where malicious intent can happen deeming it 'possible'