Feeds

Nintendo downplays Wii U 'hidden control panel' hack fears

Miiverse admin board just-a mock-a-up, says Mario

Next gen security for virtualised datacentres

A video games fan claims he accidentally hacked into the online environment (Miiverse) of Nintendo's latest game console, the Wii U.

A gamer called Trike claims he stumbled across a secret debug menu in the Miiverse that gave him access to a list of administrators and a control panel, hours after the US release of the console on Sunday. Snapshots posted by the gamer suggest he might have inadvertently scored access to controls that would have allowed him to delete access rights to Japanese administrators of the network or re-issue passwords.

However Nintendo said that the supposed "debug menu" was actually a "mock-up", not a live system.

"It has come to our attention that some people were able to access a mock up menu on Miiverse following the launch of Wii U in the US," Nintendo told Games Industry International. "Please note that this was only a mock up menu and has now been removed and is not accessible."

Trike said he made no attempt to abuse the supposed super-user rights he had inadvertently stumbled upon. Significantly, he also claims to have come across private message and pre-launch user forums in the Miiverse.

"At first it asked me to sign in, because my login information didn't match," Trike explained. "Then I pressed a button and it sent me to a list of admins anyway. They had buttons in the same row as the names, and I could "regenerate password" or "Delete Admin" or something along those lines. I didn't do it it because I didn't want to risk getting my god damn Wii U banned on day 1."

Trike asked for help in passing on his surprise finding to Nintendo "directly without going through their customer service email crap", as he put it. The gamer reported his discovery in a posts to the NeoGAF gaming forum, alongside snapshots taken from a mobile phone that appear to depict Miiverse control panels, as evidence of the apparent (since denied) security breach.

The gamer further claimed he was able to view private messages sent by other online gamers as well as hidden forums intended for discussion of upcoming (unannounced) games such as Yoshi's Island Wii U.

Feedback to these posts was largely along the lines of "Delete everything, make yourself an admin and RULE THE MIIVERSE", to quote one post.

Chris Boyd (AKA PaperGhost), senior threat researcher at GFI Software, and an expert in gaming security, played down the practical significance of the incident to game fans.

"On this occasion it's probably nothing to worry about, although it's unusual for such a menu to be so easily accessible - typically mock ups are kept on their own private network (sometimes requiring development kits to operate), or offline altogether<" Boyd told El Reg.

Nintendo's US tentacle announced it was running maintenance on its network on Monday morning, before later advising customers not to turn off their console during the update process.

So many Miis have jumped on Miiverse that some may be having problems connecting to the service. We are in the engine room getting it fixed!

This Twitter post makes no mention of removing access to the mock up menu but access to this facility was blocked following the update.

The security of gaming networks has become a bigger issue since the Playstation Network hack that spilled names, addresses, email addresses, birthdays and user login credentials of million of gamers last year. PSN was taken offline for more than a month to sort of the resulting mess.

The Nintendo breach is small beer by comparison, notes Graham Cluley of Sophos in a blog post on the apparent Miiverse snafu.

"Is the apparent security snafu damaging to Nintendo? Probably not. They appear to have resolved the issue quickly, and there is no suggestion that sensitive information was stolen from users, unlike last year's Sony PlayStation network hack where hackers stole the personal data of millions of people," Cluley writes. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
prev story

Whitepapers

A new approach to endpoint data protection
What is the best way to ensure comprehensive visibility, management, and control of information on both company-owned and employee-owned devices?
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.