3DS's been hacked already (R4 DSi cards)

[FamicomRetroGamer]

Video > http://www.youtube.com/watch?v=rXU2W0ZOyNo

Nintendo said it'd be hack-proof but it turns out it's hacked already.

[manuel]

It's not hacked. It's just compatible with DS games, that's why DS flash cards will work.

[Yukima]

Do only DSi flash cards work, or will DS/DS Lite flash cards work as well?

[nintendodork]

Sweet! Good to know. I was fearing I'd have to buy another one.

[L___E___T]

Guys, please don't think 3DS will be hacked easily - this is a big mission for Nintendo and the 3DS is designed to have even stronger protection than current consoles.  It'll only ever be a matter of time, but don't expect it any time soon.

[manuel]

Although I do hope the 3DS won't be hacked soon I have my doubts. I give it a few months tops. (I really hope I'm wrong.)

[L___E___T]

It was one of the design pillars to have the 3DS secure, so they've designed with security in mind from the ground up.  But let's see.  They're VERY confident so far

[FamicomRetroGamer]

Nintendo is aiming for 3DS to be hack-proof, but they're forgetting that the hackers are always smarter than them, when it comes to unlocking a device to its full potential.

"How to jailbreak your 3DS" coming soon

[manuel]

I think it's not that the hackers are smarter.
My stance on it is: Everything can be hacked/cracked or whatsoever.

And IF there is something that is "unhackable" or close to it, it probably costs too much or is too difficult to implement.

Let's wait and see.

[UglyJoe]

It's not so much that the pirates are smarter (although the real hackers are quite smart!), it's just that their victories are very public and Nintendo's victories are not.  Everytime there is a failed hacking attempt -- and there are many, many failed attempts before a success -- you don't see articles go up about how awesome the copy-protection code was.  What you see are the here-and-there victories for the hackers. 

There's only one end-game move, however, and it's always the hackers' move to make.  Nintendo is on the losing side by default.

I think the best defense is the one that Sony took with the PS3: leave the hardware open enough that the gifted hackers who don't care about piracy won't have to spend their time trying to open up the hardware.  Without the gifted hackers cracking things open, it takes the less-gifted piracy-minded hackers much longer to solve the puzzle.

Of course, Sony bungled that defense something awful when they removed OtherOS...

[FamicomRetroGamer]

It's not so much that the pirates are smarter (although the real hackers are quite smart!), it's just that their victories are very public and Nintendo's victories are not.  Everytime there is a failed hacking attempt -- and there are many, many failed attempts before a success -- you don't see articles go up about how awesome the copy-protection code was.  What you see are the here-and-there victories for the hackers. 

There's only one end-game move, however, and it's always the hackers' move to make.  Nintendo is on the losing side by default.

I think the best defense is the one that Sony took with the PS3: leave the hardware open enough that the gifted hackers who don't care about piracy won't have to spend their time trying to open up the hardware.  Without the gifted hackers cracking things open, it takes the less-gifted piracy-minded hackers much longer to solve the puzzle.

Of course, Sony bungled that defense something awful when they removed OtherOS...

Sony did an excellent job including OtherOS with PS3's, but when PS3 Slim was released it was said that OtherOS would not work with newer models (they could actually), so basically, it was a matter of time before they permanently removed Linux from all PS3's.

The hackers themselves were happy with OtherOS, but Sony thought it was better to take it away, and then the bomb went off.

Now, I am very disappointed with Sony's actions, not only it costs them tons of money but they will not win the cases against the hackers. Sony had many chances of learning from their mistakes but never did.

PlayStation Store is unsafe to add credit card details, for example, and here's the link: http://arstechnica.com/gaming/news/2011/02/report-psn-hacked-showing-stunning-lack-of-credit-card-security.ars

[UglyJoe]

PlayStation Store is unsafe to add credit card details, for example, and here's the link: http://arstechnica.com/gaming/news/2011/02/report-psn-hacked-showing-stunning-lack-of-credit-card-security.ars

That article is pretty much nonsense (which is rare for an Ars article).  Read this user's comment for details.

So the short of this:

- Your information is not being sent in the clear, but is being sent via industry standard HTTPS/SSL.

For an attack to succeed:
- An attacker must persuade you to load a Custom Firmware that has a self-signed root certificate loaded on it
- the attacker must successfully poison the DNS cache of a DNS server that YOU use
- the attacker must then wait/hope/pray that you connect to the server he spoofed so that you can authenticate to him.

That, ladies and gentlemen, is a pretty tall order, though it's by no means implausible.