Skip to main content

Nintendo offering up to $20,000 to anyone who can discover 3DS hardware vulnerabilities

Are you rather good at discovering hardware vulnerabilities? If so, Nintendo wants your help.

new_3ds_01

According to a notice from the company in partnership with HackerOne, Nintendo is offering up to $20,000 for the discovery of critical security vulnerabilities with 3DS systems.

The invitation is open to "highly skilled researchers" to find and address vulnerabilities which could "jeopardize the hardware environment."

Subjects listed below are examples of what Nintendo is keen on preventing:

Piracy, including:

  • Game application dumping
  • Copied game application execution
  • Cheating, including:
  • Game application modification
  • Save data modification
  • Dissemination of inappropriate content to children

Vulnerabilities:

  • System vulnerabilities regarding the Nintendo 3DS™ family of systems
  • Privilege escalation on ARM11 userland
  • ARM11 kernel takeover
  • ARM9 userland takeover
  • ARM9 kernel takeover
  • Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems
  • ARM11 userland takeover
  • Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
  • Low-cost cloning
  • Security key detection via information leaks

Of course, there are terms and conditions to the incentive, and Nintendo reserves the right to choose "whether or not it will address" any reported vulnerabilities.

"Nintendo will pay rewards to the first reporter of qualifying vulnerability information ranging from $100 USD to $20,000 USD. Only one reward per qualifying piece of vulnerability information will be awarded. Nintendo will determine at its discretion whether the vulnerability information qualifies for a reward as well as the amount of any such reward. Nintendo does not disclose how the reward amount is calculated. Vulnerability information that is already known to Nintendo or the public, for example, does not qualify for a reward. Rewards will not be issued to individuals who are on sanction lists, or who are in countries on sanction lists."

More information is provided through the links.

Read this next