Nintendo Teams Up With HackerOne to Secure 3DS Via Bounty Program

Security vulnerabilities are a nightmare for a console company.  Piracy and inappropriate content are particularly troublesome to Nintendo, so it’s teamed up with the web site HackerOne to find information on possible exploits of the 3DS platform.  This is being done by offering a bounty for any security issues found in that hardware family specifically, with rewards starting at $100 and going all the way up $20,000 for any major issues that are discovered.  The rewards are currently focused on discovering problems in the 3DS hardware or Nintendo-published titles, so vulnerabilities in, for example, the general eShop structure or exploits from bugs in non-Nintendo games would be exempt.  Still, if you’ve got the technical know-how to dive into the hardware’s code and can figure out ways to take over the ARM11 (main CPU) or ARM9 (security processor), or trick the system into giving up security keys, there could be a decent payoff for your cleverness.

It’s worth noting that, according to the terms, the amount rewarded is left to Nintendo’s discretion and the process for determining the reward amount isn’t being disclosed.  The first person to report the exploit gets the reward, preferably with software to back up proof of its viability, but if that’s going to take too long it’s better to report now and worry about the software afterwards.  There’s a three-week grace period between time of reporting and the need to include the hack for it to be considered part of the original report.

For more details head on over to the HackerOne Nintendo page.  At the very least it’s interesting to see Nintendo reach out to the hacking community to possibly rewards its efforts, rather than turn a blind eye to them.