Nintendo are offering up to $20,000 to anyone who discovers vulnerabilities in the Nintendo Switch. The company are also seeking information on any vulnerabilities found regarding the 3DS system; however, they are not seeking information regarding any other Nintendo platforms or services.
Nintendo are offering the payments through Hacker One, with the company paying anywhere between $100 to $20,000 to anyone who can find vulnerabilities in the Switch’s hardware or software. If anyone comes across a potential flaw in the system, they can submit a report via Hacker One for Nintendo to receive; however, they state that it is up to their discretion if “the vulnerability information qualifies for a reward.”
Only one reward will be granted per qualifying piece of information, with the first person to report the vulnerability being the person to receive the reward.
Although Nintendo are interested in any vulnerabilities, they are particularly interested in:
- Piracy, including:
- Game application dumping
- Copied game application execution
- Cheating, including:
- Game application modification
- Save data modification
- Dissemination of inappropriate content to children
- System vulnerabilities regarding Nintendo Switch
- Privilege escalation from userland
- Kernel takeover
- ARM® TrustZone® takeover
- Vulnerabilities regarding Nintendo-published applications for Nintendo Switch
- Userland takeover
- System vulnerabilities regarding the Nintendo 3DS family of systems
- Privilege escalation on ARM® ARM11™ userland
- ARM11 kernel takeover
- ARM® ARM9™ userland takeover
- ARM9 kernel takeover
- Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS family of systems
- ARM11 userland takeover that doesn’t require other hacks or tools (“secondary” exploits would be those that require other hacks or tools to be effective; those would be out of scope for this program)
- Hardware vulnerabilities regarding either the Nintendo Switch system or the Nintendo 3DS™ family of systems
- Low-cost cloning
- Security key detection via information leaks
Nintendo first launched the program four months ago and have so far rewarded three “hackers”, although it’s not possible to see how much they were rewarded.
Source: *Hacker One
