Massive Security Bug Found In OpenSSL

Discussion in '3DS - Flashcards & Custom Firmwares' started by rooshoes, Apr 8, 2014.

  1. rooshoes
    OP

    rooshoes Newbie

    Newcomer
    7
    0
    Oct 14, 2013
    United States
    It is doubtful this will have any relevancy to the Homebrew scene as the 3DS console uses its own physical AES chipset/engine, but could be applicable to the Pokémon Global Link, should it be using OpenSSL. I presume if an attacker gained access to the key(s) used to encrypt Pokémon transfer data, one could set up a spoof server and manipulate any data sent to the game.
     
  2. chrisrlink

    chrisrlink your friendly neighborhood serial killer

    Member
    1,602
    198
    Aug 27, 2009
    United States
    Elm street
    like the HyperGTS program of Gen 4/5 Games?
     
  3. indirect

    indirect Member

    Newcomer
    36
    4
    Mar 29, 2014
    United States
    There is a few ways this could be applicable but it's all requiring someone to actually commit the illegal act of accessing the memory of Nintendo's servers. I don't want to get mixed up in the legality all for some nice hacked pokemon...Also I would never encourage anyone to act on this bug on nintendo's server because well, it'll probably (pretty much definitely) end up in getting charged if caught.

    Nonetheless, the bug itself is pretty much a big deal, even services on Nintendo's servers could be compromised such as SSH and FTP. That's a HUGE deal. But meh, hopefully Nintendo would plan on a security audit if the GTS and such is affected by these bugs...
     
  4. McHaggis

    McHaggis Fackin' Troller

    Member
    1,721
    940
    Oct 24, 2008
    To quote an excerpts from heartbleed.com:

    This means that a vulnerable server could be impersonated if someone was able to get those secret keys. You could think much bigger than GTS if you wanted, assuming someone is/was quick enough to exploit the vulnerability before Nintendo has a chance to patch it (assuming they are vulnerable).