Nintendo Offers Cash Bounties for 3DS Vulnerability Information

Nintendo is offering rewards of USD$100 to USD$20,000 in return for detailed reports of vulnerabilities found in 3DS systems via HackerOne, a...
  1. RSS Feed
    [​IMG]

    Nintendo is offering rewards of USD$100 to USD$20,000 in return for detailed reports of vulnerabilities found in 3DS systems via HackerOne, a “vulnerability coordination and bug bounty platform” based in San Francisco.

    “Nintendo is only interested in vulnerability information regarding the Nintendo 3DS™ family of systems and is not seeking vulnerability information regarding other Nintendo platforms, network service, or server-related information,” reads the company’s HackerOne page, in a desperate plea to please stay away from its other higher-risk systems.

    The practice of offering rewards for discovered vulnerabilities isn’t a new one. The first company credited with the idea was Netscape, which developed its program thanks to the efforts of technical support engineer Jarret Ridlinghafer. Many other companies have jumped at the idea, in the hope of turning potential attackers into collaborators, by incentivizing their efforts with cash rewards. Reading just from the HackerOne clients list, companies such as AirBNB, Amazon Web Services, Starbucks, Yelp, Uber, GitHub, Slack, Twitter, Dropbox, and many others offer various rewards to those that identify at-risk systems.

    Nintendo is focusing potential hackers on the prevention of piracy, cheating, and the dissemination of inappropriate content to children. Under the Piracy heading, Nintendo also lists “copied game application execution,” which does put the unlicensed homebrew 3DS games community squarely in the crosshairs. The company has a history of this, with various exploits and hacks being patched out in firmware updates, and lawsuits launched at game copying devices such as the R4 card.

    Rewards will be paid to the first reporter of a qualifying vulnerability, with the bounty amount being at Nintendo’s discretion. “The reward amount depends on the importance of the information and the quality of the report,” reads Nintendo’s HackerOne policy. “In general, the importance of the information is higher if the vulnerability is severe, easy-to-exploit, etc.”

    It should be obvious, but any submitted vulnerability information, whether it is deemed worthy of a reward or not, will become the sole property of Nintendo. Even hackers need to read the fine print.

    Source: GameSpot

    Share This Article

Comments

To make a comment simply sign up and become a member!
  1. 3xTiNcT
    That's pretty funny. Easy money.
  2. Red
    A few years too late.

    They should have thought of this when they hid the games title keys on the damn 3DS itself...and better yet when they hid the second half of the Wii U title key on the ****ing 3DS as well.
      Blitz likes this.