Hacking Mocha CFW leaves the wii u vulnerable? (Dumb questions for days)

[wiiuparanoia]

Hi, I'm new here

So simple question, if I install this custom firmware in my wii u, am I expose to some kind of viruses or malware?, since the program "patches" the Sysnand, breaking its security protocol (or at least I think thats how it works , not a professional here).

I'm asking because I go into a lot of pages that spawn lots of pop ups such as animeflv which, some of them, have contained malware that my pc has detected

 

[RyDog]

Wii u has no known viruses. the only known viruses is if you're dumb and you install something bad to your console and brick it.

 

[xtheman]

No such thing exists but with the extra permissions that Mocha allows one could make a code that renders the console useless on launch of the app.

Then again you don't even need Mocha for that. A simple .elf is enough.

 

[QuarkTheAwesome]

You think that's vulnerable? The Wii U has classic IoT vulns right out of the box. With absolute zero modification, the console can leak your WiFi passwords simply by loading a website. I built a PoC of this aaages ago as a joke, but it could be a serious issue. Of course, that's with pure browserhax - no PowerPC kernel, no IOSU userspace or kernel, nothing.
There's many more glaring issues but to cut a long story short, your Wii U is already vulnerable to malware if someone was bothered to make it. Homebrew usage makes no difference to that; if anything making the system more secure due to moving everything around.

 

[subcon959]

Maybe do your pr0n surfing on PC instead?

 

[AdmiralSpeedy]

Popups can't even infect a PC like people seem to think they can.

 

[The Real Jdbye]

Popups can't even infect a PC like people seem to think they can.

Driveby exploits exist. So theoretically, they can, but it rarely happens.
Usually it's from people being dumb and downloading/running anything the popup tells them to.

 

[AdmiralSpeedy]

Driveby exploits exist. So theoretically, they can, but it rarely happens.
Usually it's from people being dumb and downloading/running anything the popup tells them to.

Driveby exploits exist yes, and they are simply able to force a download and drop it on your machine. As far as I'm aware, nothing can force you to install anything.

 

[The Real Jdbye]

Driveby exploits exist yes, and they are simply able to force a download and drop it on your machine. As far as I'm aware, nothing can force you to install anything.

You don't have to install anything, a driveby exploit can run code on your machine to do anything, like steal passwords or download and run malware.

 

[Pajar0]

Using those dodgy DNS servers to block updates, can also redirect your wiiU to a website that triggers any attack.

 

[AdmiralSpeedy]

You don't have to install anything, a driveby exploit can run code on your machine to do anything, like steal passwords or download and run malware.

That's not entirely true.

 

[AboodXD]

Anyone could make a virus.
A virus doesn't exist ATM, everyone should already know this.

 

[The Real Jdbye]

That's not entirely true.

Which part of it isn't?

 

[mikey420]

In short a "CFW" grants root to the main user. Though it makes you no more vulnerable than you already were. Using a web exploit to gain code execution would allow a malicious page to gain kernel/iosu through the known exploits and use it to brick your device or install a malicious software to the system. Theoretically the wiiU or for that matter any device with known privilege escalation exploits for the current firmware and a web browser can be maliciously attacked through an exploit for the browser that gains code execution. Mind you even without privilige escalation a sandboxed browser hack can often. Leak valuable info such as stored passwords.

 

[AboodXD]

Luckily, no one is willing to do that.

 

[mikey420]

Luckily, no one is willing to do that.

Hopefully not but the possibility is still there. After all there were malicious "game dumps" released for the vita that just bricked users who installed and ran them. So its not like those with the desire to do these this sort of thing don't exist. Its just highly unlikely

 

[AboodXD]

Guys, I'm gonna go make dat SMM mod/exploit that will download you every game on the eShop.
Scam-free, malware-free, recommended by most famous developers.

#Sarcasm

 

[QuarkTheAwesome]

That's not entirely true.

It kinda is. We use such an exploit on the Wii U (shown to be capable of accessing WiFi passwords and ofc further exploitation), but they exist on other platforms too - stagefright on Android allows userspace code exec, as did the lsass bug on unpatched XP systems, Flashback on OSX, whatever the heck jailbreak.me used on iOS - pretty much every OS has had a code exec bug in its web browser at one point or another. The lsass bug was particularly devastating since it didn't even need user interaction like loading a website - a public-facing machine was vulnerable simply by being powered on.