Feeds

Nintendo downplays Wii U 'hidden control panel' hack fears

Miiverse admin board just-a mock-a-up, says Mario

Using blade systems to cut costs and sharpen efficiencies

A video games fan claims he accidentally hacked into the online environment (Miiverse) of Nintendo's latest game console, the Wii U.

A gamer called Trike claims he stumbled across a secret debug menu in the Miiverse that gave him access to a list of administrators and a control panel, hours after the US release of the console on Sunday. Snapshots posted by the gamer suggest he might have inadvertently scored access to controls that would have allowed him to delete access rights to Japanese administrators of the network or re-issue passwords.

However Nintendo said that the supposed "debug menu" was actually a "mock-up", not a live system.

"It has come to our attention that some people were able to access a mock up menu on Miiverse following the launch of Wii U in the US," Nintendo told Games Industry International. "Please note that this was only a mock up menu and has now been removed and is not accessible."

Trike said he made no attempt to abuse the supposed super-user rights he had inadvertently stumbled upon. Significantly, he also claims to have come across private message and pre-launch user forums in the Miiverse.

"At first it asked me to sign in, because my login information didn't match," Trike explained. "Then I pressed a button and it sent me to a list of admins anyway. They had buttons in the same row as the names, and I could "regenerate password" or "Delete Admin" or something along those lines. I didn't do it it because I didn't want to risk getting my god damn Wii U banned on day 1."

Trike asked for help in passing on his surprise finding to Nintendo "directly without going through their customer service email crap", as he put it. The gamer reported his discovery in a posts to the NeoGAF gaming forum, alongside snapshots taken from a mobile phone that appear to depict Miiverse control panels, as evidence of the apparent (since denied) security breach.

The gamer further claimed he was able to view private messages sent by other online gamers as well as hidden forums intended for discussion of upcoming (unannounced) games such as Yoshi's Island Wii U.

Feedback to these posts was largely along the lines of "Delete everything, make yourself an admin and RULE THE MIIVERSE", to quote one post.

Chris Boyd (AKA PaperGhost), senior threat researcher at GFI Software, and an expert in gaming security, played down the practical significance of the incident to game fans.

"On this occasion it's probably nothing to worry about, although it's unusual for such a menu to be so easily accessible - typically mock ups are kept on their own private network (sometimes requiring development kits to operate), or offline altogether<" Boyd told El Reg.

Nintendo's US tentacle announced it was running maintenance on its network on Monday morning, before later advising customers not to turn off their console during the update process.

So many Miis have jumped on Miiverse that some may be having problems connecting to the service. We are in the engine room getting it fixed!

This Twitter post makes no mention of removing access to the mock up menu but access to this facility was blocked following the update.

The security of gaming networks has become a bigger issue since the Playstation Network hack that spilled names, addresses, email addresses, birthdays and user login credentials of million of gamers last year. PSN was taken offline for more than a month to sort of the resulting mess.

The Nintendo breach is small beer by comparison, notes Graham Cluley of Sophos in a blog post on the apparent Miiverse snafu.

"Is the apparent security snafu damaging to Nintendo? Probably not. They appear to have resolved the issue quickly, and there is no suggestion that sensitive information was stolen from users, unlike last year's Sony PlayStation network hack where hackers stole the personal data of millions of people," Cluley writes. ®

Boost IT visibility and business value

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.