UW Computer Security Research and Course Blog

“Update.  This entry was updated on <January 9, 2009> to reflect a <re-interpretation of the original article>.

After several years that Wii have been launch, hackers found flaws in Wii’s security aspect. According to an article from Nintendo World Report, a tiny processor that was kept as a secret for security reason is discovered by a group of hackers, Team Twiizers. Because the existence of the chip has been discovered, this can cause security problems.

As presented in this video, in order to run the game on Wii, a ticket (key) is needed. The valid keys are all stored in the chip. However, this chip does not only consist of keys, but also controls the turn on bit of the functionality of DVD playback that is turned off by default. These aspects make the hackers feel challenge to break Nintendo’s security system.

One solution that the company can conduct is to decrease the price of software so the hackers will not have motivation to break the system and run illegal copies of the software. Another possible solution is to replace the chip by the one with more capacity so the chip can have a security management.

Once a hacker can break through the security system, he can post his open source-code. The users can download the code, execute it, and run it in Wii. By doing this, Wii’s users will be able to do piracy. On the other hand, since users will have to go online to download software updates or compete with other users, the hacker may have connection to the user’s console. This way, the hacker can get the users’ private data, such as their pictures or game history.

With this security problem, the consumers will want the company to make the code in the chip become open source. The customer can download the code to enable DVD playback. In the other hand, the consumers also have to help companies, not only Wii’s company, to prevent piracy.

< END >

<Original>

After several years that Wii have been launch, hackers found flaws in Wii’s security aspect. According to an article from Nintendo World Report, a tiny unlicensed processor was discovered in Wii. This illegally planted chip could be a big problem in the user’s privacy especially when the user goes online.

Internet is never a secure world. Every time we are connected to the internet, there will always be a risk of getting attack. In order to get online in Wii, we assume the user will have to insert a username and a password. With Wii having this undocumented processor, a black hat hacker, a hacker who breaks to security system and harm it, could hack the Wii system; by getting access to the Wii system, hackers can “play” with it. The hacker can set the system so that some software cannot be run and even get the user’s private data.

A Joysound Wii karaoke software will be released in Japan and users will have to pay for the song library with timed-subscription. Hackers can go down to the system and change the minutes that they or others use while playing this game. This activity can bring advantages and disadvantages to both Wii users and the company.

Out of all those security problems caused by the illegal processor, there is one good point. As stated, the hacker can set the system and authenticate which software can be played that can stop people to copy the software and play it on many other consoles. This issue can prevent piracy.

One possible solution that the company can do is to remove the undocumented processor and redesign Wii. A Wii owner will want the company to fix these potential security problems. Furthermore, the solutions should be found by the company and back in design time, all Wii’s components should be well-documented.