walterbates on 06 December 2016
Nintendo is offering an incentive to the world’s finest researchers to find and report security vulnerabilities for the Nintendo 3DS family of handheld game systems. In coordination with HackerOne, Nintendo will pay up to U.S. $20,000 for the discovery of critical security vulnerabilities.
Below are examples of types of activities that Nintendo is focused on preventing:
- Piracy, including:
- Game application dumping
- Copied game application execution
- Cheating, including:
- Game application modification
- Save data modification
- Dissemination of inappropriate content to children
Below are examples of vulnerabilities that Nintendo is interested in receiving information about:
- System vulnerabilities regarding the Nintendo 3DS™ family of systems
- Privilege escalation on ARM11 userland
- ARM11 kernel takeover
- ARM9 userland takeover
- ARM9 kernel takeover
- Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS™ family of systems
- ARM11 userland takeover
- Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
- Low-cost cloning
- Security key detection via information leaks
Nintendo will pay rewards to the first reporter of qualifying vulnerability information ranging from $100 USD to $20,000 USD. Only one reward per qualifying piece of vulnerability information will be awarded.
