Nintendo has launched a new bug bounty program offering rewards of up to £15,000 ($20,000) in exchange for information about vulnerabilities related to its portable console, the 3DS.
Hosted by San Francisco-based HackerOne, a bug bounty platform created by security personnel from Facebook, Microsoft and Google, the program invites researchers to find and address security vulnerabilities in the 3DS. These include “distribution of inappropriate content to children”, cheating such as “saving modification of data” and of course piracy via “dumping game applications” and “copied execution of game applications”.
Nintendo also lists potential areas of research, including system vulnerabilities via “ARM11 kernel takeovers” and hardware vulnerabilities via “security key detection”.
Those interested in getting their hands on one of Nintendo’s rewards — which range from $100 to $20,000 depending on the vulnerability exposed — should provide a description of the issue, as well as proof-of-concept or even functional code. Nintendo allows code to be submitted up to three weeks after the initial report.
Notably, even if Nintendo does not offer a reward, the company has a “worldwide, perpetual, irrevocable, non-exclusive, transferable, sublicensable, fully paid and royalty-free license” for all submitted information.
Nintendo’s 3DS has been hacked several times over the years, allowing the console to run homebrew software as well as
pirated game backups. One of the most famous exploits was the obscure Ubisoft platformer Cubic Ninja, raising eBay prices for the game. Earlier this year, another exploit emerged, this time using the indie gravity-flipping platformer tourist information. It was quickly pulled from Nintendo eShop after the hack.
Listing image by ZM Yi/Flickr