This post is also available in / Esta entrada está disponible también en: Spanish (Español) .
In order to provide a safe and worry-free environment, Nintendo now offers incentives to report vulnerabilities on 3DS devices. In association with security company Hacker One, Nintendo is willing to pay from $100 up to $20,000 to those who report exploits that may be used for unfair purposes.
According to Nintendo, the following are examples of the kind of activities the company wants to prevent:
- Piracy, including:
- Game application dumping
- Copied game application execution
- Cheating, including:
- Game application modification
- Save data modification
- Dissemination of inappropriate content to children
Nintendo also shared a list of the vulnerabilities it is interested in:
- System vulnerabilities regarding the Nintendo 3DS™ family of systems
- Privilege escalation on ARM11 userland
- ARM11 kernel takeover
- ARM9 userland takeover
- ARM9 kernel takeover
- Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems
- ARM11 userland takeover
- Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
- Low-cost cloning
- Security key detection via information leaks
The company does not say how much it will pay the first reporter of a specific vulnerability nor it will say how a reward is calculated. Also, the reward won’t be paid until a vulnerability has been fixed. To qualify, a vulnerability must not be known by Nintendo or be known by others.
With more information provided, there are more chances for the report to be of high quality, especially if a proof of concept is included.
[Source]: HackerOne.com: Nintendo launches vulnerability reward program for Nintendo 3DS.