Nintendo will pay a cash bounty to hackers who find undiscovered security vulnerabilities in its handheld console, the 3DS. Hosted by San Francisco-based HackerOne, a bug bounty program created by security staff from Google, Facebook, and Microsoft, the program invited security researchers to find and address security vulnerabilities in the Nintendo 3DS family of systems.
Nintendo 3DS offers Hackers To Find Bugs
Here’s a breakdown of Nintendo’s HackerOne Bug Bounty Program:
Nintendo is offering cash rewards that range between $100 to $20,000 USD for reports of Nintendo 3DS vulnerabilities. The size of the reward is dependent on the importance of the information and quality of the report. The more severe the vulnerability, the higher the reward. Additionally, only one reward will be given for each qualifying vulnerability that is reported.
Below are examples of types of activities that Nintendo is focused on preventing:
Piracy, including:
– Game application dumping
– Copied game application execution
Cheating, including:
– Game application modification
– Save data modification
Dissemination of inappropriate content to children
The company is strictly interested in receiving information tied to 3DS, with the intent to prevent various activities, including piracy, cheating, and the “dissemination of inappropriate content to children.”
System Vulnerabilities Nintendo Wants To Know About
- Privilege escalation on ARM11 userland
- ARM11 kernel takeover
- ARM9 userland takeover
- ARM9 kernel takeover
Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS family of systems
- ARM11 userland takeover
Hardware vulnerabilities regarding the Nintendo 3DS family of systems
- Low-cost cloning
- Security key detection via information leaks
Even it Nintendo doesn’t offer a reward, the company holds a “worldwide, perpetual, irrevocable, non-exclusive, transferable, sublicenseable, fully-paid and royalty-free license” for any information submitted.
Nintendo’s 3DS has been hacked several times over the years. One of the most famous exploits involved the Ubisoft platformer Cubic Ninja, causing a rise in eBay prices for the game. Not so long ago, another hack emerged, this time using the indie gravity-flipping platform game VVVVVV. It was pulled from the Nintendo eShop following the exploit.
Nintendo 3DS was released in 2011, and thus, the system is a little outdated. Although, it seems that with the HackerOne Bug Bounty Program, Nintendo wants to put out an end-of-life update to the Nintendo 3DS family of systems. Albeit, the company has no plans to discontinue the Nintendo 3DS anytime soon.
Meanwhile, Nintendo is going to release a new console, the Nintendo Switch in March 2017. The Nintendo Switch will function as both a home console and portable.
