Nintendo has taken Wii U games Mario Kart 8 and Splatoon offline for security reasons

videogameschronicle.com:

Nintendo has taken two of its most popular Wii U games offline to fix what is says is a security vulnerability.

Both games were taken offline at 8.30pm PT / 11.30pm ET on Thursday (4.30am GMT today) to fix the issue, and Nintendo suggests it may be days before they’re back online.

“We have identified vulnerabilities with online play for [these] network [services] and have begun temporary emergency maintenance,” a message on Nintendo’s Network Maintenance site reads.

“We expect an extended maintenance duration while we address these issues and have not determined when online play will resume. We sincerely apologize for this inconvenience and appreciate your understanding.”

Nintendo dataminer OatmealDome took to Twitter to note that the security issue in question is “almost certainly” an exploit called ENLBufferPwn, which allows an attacker to take over someone’s console and execute code on it, just by playing against them online.

A recent YouTube video by PabloMK7 shows how the exploit could also be carried out on Mario Kart 7 on the 3DS (which has since been patched to prevent it).

In the video, the hacker’s 3DS is shown connecting to another player’s 3DS via the game’s online multiplayer. The hacker is then able to take control of the other 3DS and forces it to install custom firmware.

PabloMK7 notes that “using the same techniques, it would be theoretically possible to steal account/credit card information or take unauthorised audio/video recordings using the consoles built-in mic/cameras.”

Notice: To display this embed please allow the use of Functional Cookies in Cookie Preferences.

As well as Mario Kart 7 on 3DS, several Switch games were also vulnerable to the exploit at one point, including Mario Kart 8 Deluxe, Animal