Nintendo has been switching things up a bit lately! They have now announced a partnership with HackerOne to offer incentives for developers to find bugs and report them to be patched.
As stated in the official posting
Nintendo’s goal is to provide a secure environment for our customers so that they can enjoy our games and services. In order to achieve this goal, Nintendo is interested in receiving vulnerability information that researchers may discover regarding Nintendo’s platforms. Currently, in the context of the HackerOne program, Nintendo is only interested in vulnerability information regarding the Nintendo 3DS™ family of systems and is not seeking vulnerability information regarding other Nintendo platforms, network service, or server-related information.
Some of the vulnerabilites and exploits which they are targetting include the following
- System vulnerabilities regarding the Nintendo 3DS™ family of systems
- Privilege escalation on ARM11 userland
- ARM11 kernel takeover
- ARM9 userland takeover
- ARM9 kernel takeover
- Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems
- ARM11 userland takeover
- Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
- Low-cost cloning
- Security key detection via information leaks
By patching these holes they aim to prevent these types of activities
- Piracy, including:
- Game application dumping
- Copied game application execution
- Cheating, including:
- Game application modification
- Save data modification
- Dissemination of inappropriate content to children
Nintendo’s Rewards include up to a $20,000 USD bounty for the discovery of critical bugs.
Certain conditions apply to this program. To learn about the full details, and to report Nintendo 3DS security vulnerabilities, please visit http://hackerone.com/nintendo.
- Qwertyoruiop claims PS4 is pwned on f... — Qwertyoruiop is in the news again now claiming to have cracked the PS4 on firmware 4.50 – 4.55 4.50, should work on 4.55 too pic.twitter.com/zWvshihocp — qwertyoruiop (@qwertyoruiopz) April 19, 2017 This comes days after qwertyoruiop publicly released a webkit exploit for firmwares below 4.07 . qwertyoruiop has confirmed that the both the webkit and 4.50 [...]
- Hackers make progress on cracking the... — Since the webkit vulnerability and Pegaswitch were released on the Nintendo Switch a few day after the console’s launch, several hackers have been digging into the internals of the console to learn about its system. Hacker Plutoo of 3DS/Wii U Fame confirmed yesterday that he has been able to grab what appears to be data/API [...]
- Xbox One hack: Xbox One Exploit Proof... — Developer unknownv2 has released a proof of concept exploit for the Xbox One. The exploit leverages a series of known vulnerabilities in the Microsoft Edge Browser (CVE-2016-7200 and CVE-2016-7241). This is an exploit of the ridiculously rebranded Interenet explorer browser dubbed Microsoft Edge. In November last year, several critical vulnerabilities were found in the Edge [...]
- PS4 Webkit hack: SpecterDev explains ... — A few days ago, hacker qwertyoruiop released a Webkit exploit for the PS4, compatible up to firmware 4.07 included. He has since then improved the exploit to include a ROP Chain and basic syscalls, but providing only compatibility for 4.06, the firmware on which he is personally working. SpecterDev, self described as a programmer interested [...]
- PSvita Adrenaline-2 and Easy installe... — Adrenaline version 2 is finally out after being promised by TheFlow in February. Of course, that doesn’t mean that TheFlow wasn’t busy with the Vita as he added USB mass storage device support for easy file transfer and the ability to use a pen drive or external S/HDD via VitaShell. Changelog Allowing you to [...]