Nintendo has been switching things up a bit lately! They have now announced a partnership with HackerOne to offer incentives for developers to find bugs and report them to be patched.
As stated in the official posting
Nintendo’s goal is to provide a secure environment for our customers so that they can enjoy our games and services. In order to achieve this goal, Nintendo is interested in receiving vulnerability information that researchers may discover regarding Nintendo’s platforms. Currently, in the context of the HackerOne program, Nintendo is only interested in vulnerability information regarding the Nintendo 3DS™ family of systems and is not seeking vulnerability information regarding other Nintendo platforms, network service, or server-related information.
Some of the vulnerabilites and exploits which they are targetting include the following
- System vulnerabilities regarding the Nintendo 3DS™ family of systems
- Privilege escalation on ARM11 userland
- ARM11 kernel takeover
- ARM9 userland takeover
- ARM9 kernel takeover
- Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems
- ARM11 userland takeover
- Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
- Low-cost cloning
- Security key detection via information leaks
By patching these holes they aim to prevent these types of activities
- Piracy, including:
- Game application dumping
- Copied game application execution
- Cheating, including:
- Game application modification
- Save data modification
- Dissemination of inappropriate content to children
Nintendo’s Rewards include up to a $20,000 USD bounty for the discovery of critical bugs.
Certain conditions apply to this program. To learn about the full details, and to report Nintendo 3DS security vulnerabilities, please visit http://hackerone.com/nintendo.