Nintendo offers $20,000 bounty for 3DS exploits

4.8
Are you rather good at discovering hardware vulnerabilities? If so, Nintendo wants your help.

According to a notice from the company in partnership with HackerOne, Nintendo is offering up to $20,000 for the discovery of critical security vulnerabilities with 3DS systems.

The invitation is open to “highly skilled researchers” to find and address vulnerabilities which could “jeopardize the hardware environment.”

Subjects listed below are examples of what Nintendo is keen on preventing:

Piracy, including:

  • Game application dumping
  • Copied game application execution
  • Cheating, including:
  • Game application modification
  • Save data modification
  • Dissemination of inappropriate content to children

Vulnerabilities:

  • System vulnerabilities regarding the Nintendo 3DS™ family of systems
  • Privilege escalation on ARM11 userland
  • ARM11 kernel takeover
  • ARM9 userland takeover
  • ARM9 kernel takeover
  • Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems
  • ARM11 userland takeover
  • Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
  • Low-cost cloning
  • Security key detection via information leaks

Of course, there are terms and conditions to the incentive, and Nintendo reserves the right to choose “whether or not it will address” any reported vulnerabilities.

“Nintendo will pay rewards to the first reporter of qualifying vulnerability information ranging from $100 USD to $20,000 USD. Only one reward per qualifying piece of vulnerability information will be awarded. Nintendo will determine at its discretion whether the vulnerability information qualifies for a reward as well as the amount of any such reward. Nintendo does not disclose how the reward amount is calculated. Vulnerability information that is already known to Nintendo or the public, for example, does not qualify for a reward. Rewards will not be issued to individuals who are on sanction lists, or who are in countries on sanction lists.”



Posted:
Related Forum: Gaming Discussion

Source: http://www.vg247.com/2016/12/06/nintendo-offering-up-to-20000-to-anyone-who-can-discover-3ds-hardware-vulnerabilities/

Comments

"Nintendo offers $20,000 bounty for 3DS exploits" :: Login/Create an Account :: 21 comments

If you would like to post a comment please signin to your account or register for an account.

GnuPosted:

Lol maybe if the 3DS wasn't made poorly we wouldn't have this problem

GadPosted:

There will always be a way!
No matter what they do

HaloPosted:

I bet even when exploits are found Nintendo is gonna lowball them.

SleepPosted:

It won't stop them from finding ways around it.

MarkPosted:

dah Eh, this is all gone wrong. As Bourne has said below. You grab so many but there're so many dumps.


and regardless even if they take them off the internet, thousands have these cracks downloaded. They will always be around.

9ntyPosted:

Eh, this is all gone wrong. As Bourne has said below. You grab so many but there're so many dumps.

MarkPosted:

won't last long, there are so many dumps. its like saying lets get all PC modders. Goodluck

DiscPosted:

id love to search for some exploits for some free money

TomPosted:

damn, cant believe a bounty though. Hopefully its resolved because thats a hell load of money

FibrilPosted:

357
FibreOp Just wow, funny how the article says 20k but in description they change it from ranging $100 to $20k. Plus Nintendo decides what the info is worth and how much. Sounds like a scam to only give out $100 instead of never giving out 20k :P


I'd imagine that they are looking for a very specific exploit and if someone finds it they might be so inclined to give them 20k (doubt it tho)


Yeah could be. Who knows this could possibly open a window for jailbreakers to start charging to jailbreak peoples devices since Nintendo is now paying for exploits? :P