I brought this up about a year ago in #gbdev on EFnet. Arbitrary execution of native code via a ROM is something I thought no one had thought about, but people definitely have. I tried creating a Game Boy ROM that would escape the "sandbox" of a particular one-off emulator someone wrote. Why? Because everyone writes Game Boy emulators as a hobby project (and NES ones too), so why would they care about security? This leaves a huge attack space for anyone wanting to try this.
So be wary of the emulator you install, and the ROMs you download.