Nintendo offers $20,000 bounty for 3DS exploits

Are you rather good at discovering hardware vulnerabilities? If so, Nintendo wants your help.

According to a notice from the company in partnership with HackerOne, Nintendo is offering up to $20,000 for the discovery of critical security vulnerabilities in 3DS systems.

The invitation is open to “highly skilled researchers” to find and address vulnerabilities which could “jeopardize the hardware environment.”

Subjects listed below are examples of what Nintendo is keen on preventing:

  • Piracy, including:
      • Game application dumping
      • Copied game application execution
  • Cheating, including:
      • Game application modification
      • Save data modification
  • Dissemination of inappropriate content to children

Vulnerabilities:

  • System vulnerabilities regarding the Nintendo 3DS™ family of systems
      • Privilege escalation on ARM11 userland
      • ARM11 kernel takeover
      • ARM9 userland takeover
      • ARM9 kernel takeover
  • Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems
      • ARM11 userland takeover
  • Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
      • Low-cost cloning
      • Security key detection via information leaks

Of course, there are terms and conditions to the incentive, and Nintendo reserves the right to choose “whether or not it will address” any reported vulnerabilities.

“Nintendo will pay rewards to the first reporter of qualifying vulnerability information ranging from $100 USD to $20,000 USD. Only one reward per qualifying piece of vulnerability information will be awarded. Nintendo will determine at its discretion whether the vulnerability information qualifies for a reward as well as the amount of any such reward. Nintendo does not disclose how the reward amount is calculated. Vulnerability information that is already known to Nintendo or the public, for example, does not qualify for a reward. Rewards will not be issued to individuals who are on sanction lists, or who are in countries on sanction lists.”




Source: http://www.vg247.com/2016/12/06/nintendo-offering-up-to-20000-to-anyone-who-can-discover-3ds-hardware-vulnerabilities/

Comments


Mickers Posted:

It's a good idea, but I don't ever think every exploit will always be found.

16 Posted:

They're dropping a sum for this, then again it is a bug bounty and plenty of companies offer that 20k top tier

Earn Posted:

That's a lot of money they are willing to give for exploits. To get the full price the exploit must be extremely bad, hopefully there aren't too many exploits.

Bonds Posted:

FibreOp Just wow, funny how the article says 20k but in description they change it from ranging $100 to $20k. Plus Nintendo decides what the info is worth and how much. Sounds like a scam to only give out $100 instead of never giving out 20k :P


I'd imagine that they are looking for a very specific exploit and if someone finds it they might be so inclined to give them 20k (doubt it tho)

Fibril Posted:

Just wow, funny how the article says 20k but in description they change it from ranging $100 to $20k. Plus Nintendo decides what the info is worth and how much. Sounds like a scam to only give out $100 instead of never giving out 20k :P

Nick Posted:

$20k isn't even that much to put that much effort into something like this

Rick Posted:

It's a really good idea for the company but for only $20k for an exploit that could potentially ruin their monetary intake for the device doesn't seem worth it even if I knew how to find such exploits.

Zydrin Posted:

Holy hell! Wish I could find exploits. $20k would bail me out of debt.

Skates Posted:

Ah takes me back to the good old days of Halo and trying to find exploits, like jumping in the same spot a thousand times lmao.
I wonder if anyone will find an exploit worthy of them handing out 20k.

Tele Posted:

Why would they pay someone to do that, it's so stupid.