Nintendo offers $20,000 bounty for 3DS exploits

4.8

Are you rather good at discovering hardware vulnerabilities? If so, Nintendo wants your help.

According to a notice from the company in partnership with HackerOne, Nintendo is offering up to $20,000 for the discovery of critical security vulnerabilities with 3DS systems.

The invitation is open to “highly skilled researchers” to find and address vulnerabilities which could “jeopardize the hardware environment.”

Subjects listed below are examples of what Nintendo is keen on preventing:

Piracy, including:

Game application dumping
Copied game application execution
Cheating, including:
Game application modification
Save data modification
Dissemination of inappropriate content to children

Vulnerabilities:

System vulnerabilities regarding the Nintendo 3DS™ family of systems
Privilege escalation on ARM11 userland
ARM11 kernel takeover
ARM9 userland takeover
ARM9 kernel takeover
Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems
ARM11 userland takeover
Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
Low-cost cloning
Security key detection via information leaks

Of course, there are terms and conditions to the incentive, and Nintendo reserves the right to choose “whether or not it will address” any reported vulnerabilities.

“Nintendo will pay rewards to the first reporter of qualifying vulnerability information ranging from $100 USD to $20,000 USD. Only one reward per qualifying piece of vulnerability information will be awarded. Nintendo will determine at its discretion whether the vulnerability information qualifies for a reward as well as the amount of any such reward. Nintendo does not disclose how the reward amount is calculated. Vulnerability information that is already known to Nintendo or the public, for example, does not qualify for a reward. Rewards will not be issued to individuals who are on sanction lists, or who are in countries on sanction lists.”

Posted: Dec 06, 2016 2:07 pm
Related Forum: Gaming Discussion

Source: http://www.vg247.com/2016/12/06/nintendo-offering-up-to-20000-to-anyone-who-can-discover-3ds-hardware-vulnerabilities/

Comments

MickersPosted: Tue. Dec 06, 2016

It's a good idea, but i don't ever think every exploit will always be found.

16Posted: Tue. Dec 06, 2016

They're dropping a sum for this, then again it is a bug bounty and plenty of companies offer that 20k tops tier

EarnPosted: Tue. Dec 06, 2016

Thats alot of money they are willing to give for exploits. To get the full price the exploit must be extremely bad, hopefully their isn't to many exploits.

BondsPosted: Tue. Dec 06, 2016

FibreOp Just wow, funny how the article says 20k but in description they change it from ranging $100 to $20k. Plus Nintendo decides what the info is worth and how much. Sounds like a scam to only give out $100 instead of never giving out 20k :P

I'd imagine that they are looking for a very specific exploit and if someone finds it they might be so inclined to give them 20k (doubt it tho)

FibrilPosted: Tue. Dec 06, 2016

Just wow, funny how the article says 20k but in description they change it from ranging $100 to $20k. Plus Nintendo decides what the info is worth and how much. Sounds like a scam to only give out $100 instead of never giving out 20k :P

NickPosted: Tue. Dec 06, 2016

$20k isn't even that much to put that much effort into something like this

RickPosted: Tue. Dec 06, 2016

it's a really good idea for the company but for only $20k for a exploit that could potentially ruin their monetary intake for the device doesn't seem worth it even if I knew how to find such exploits.

ZydrinPosted: Tue. Dec 06, 2016

Holy hell! Wish I could find exploits. $20k would bail me out of debt.

SkatesPosted: Tue. Dec 06, 2016

Ah takes me back to the good old days of Halo and trying trying to find exploits, like jumping in the same spot a thousand times lmao.
I wonder if anyone will find an exploit worthy of them handing out 20k.