This post is also available in / Esta entrada está disponible también en: Spanish (Español) .

In order to provide a safe and worry-free environment, Nintendo now offers incentives to report vulnerabilities on 3DS devices. In association with security company Hacker One, Nintendo is willing to pay from $100 up to $20,000 to those who report exploits that may be used for unfair purposes.

According to Nintendo, the following are examples of the kind of activities the company wants to prevent:

  • Piracy, including:
    • Game application dumping
    • Copied game application execution
  • Cheating, including:
    • Game application modification
    • Save data modification
  • Dissemination of inappropriate content to children

Nintendo also shared a list of the vulnerabilities it is interested in:

  • System vulnerabilities regarding the Nintendo 3DS™ family of systems
    • Privilege escalation on ARM11 userland
    • ARM11 kernel takeover
    • ARM9 userland takeover
    • ARM9 kernel takeover
  • Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems
    • ARM11 userland takeover
  • Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
    • Low-cost cloning
    • Security key detection via information leaks

The company does not say how much it will pay the first reporter of a specific vulnerability nor it will say how a reward is calculated. Also, the reward won’t be paid until a vulnerability has been fixed. To qualify, a vulnerability must not be known by Nintendo or be known by others.

With more information provided, there are more chances for the report to be of high quality, especially if a proof of concept is included.

[Source]: HackerOne.com: Nintendo launches vulnerability reward program for Nintendo 3DS.

%d bloggers like this: