Nintendo has launched a new bug bounty programme that offers rewards of up to £15,000 ($20,000) in exchange for vulnerability information regarding its handheld console, the 3DS.
Hosted by San Francisco-based HackerOne—a bug bounty platform created by security staff from Facebook, Microsoft, and Google—the programme invites researchers to find and address security vulnerabilities in the 3DS. These include "dissemination of inappropriate content to children," cheating methods like "save data modification," and of course piracy via "game application dumping" and "copied game application execution."
Nintendo also lists potential areas of investigation, including system vulnerabilities via "ARM11 kernel takeovers," and hardware vulnerabilities via "security key detection."
Those interested in nabbing one of Nintendo's rewards—which range from $100 all the way up to $20,000, depending on the vulnerability exposed—need to provide a description of the problem as well as proof-of-concept, or even functional code. Nintendo allows for code to be submitted up to three weeks after the initial report.
Notably, even if Nintendo doesn't offer a reward, the company holds a "worldwide, perpetual, irrevocable, non-exclusive, transferable, sublicenseable, fully-paid and royalty-free license" for any information submitted.
Nintendo's 3DS has been hacked several times over the years, allowing the console to run homebrew software, as well as pirated backup copies of games. One of the most famous exploits involved the obscure Ubisoft platformer Cubic Ninja, causing a jump in eBay prices for the game. Earlier this year, another exploit emerged, this time using the indie gravity-flipping platform game VVVVVV. It was swiftly pulled from the Nintendo eShop following the hack.