Submit a news tip

Every Shiny-locked Pokemon in 2024
Monolith Soft talks about Xenoblade 3’s City and fate of the Citizens
April 2024 Indie World Showcase live stream
Wii U games that still haven’t been ported to Switch
Monolith Soft explains approach to villains in Xenoblade Chronicles 3
[Let’s Talk] Paper Mario: The Thousand-Year Door Switch features
Examining what went wrong with Pokemon Brilliant Diamond and Shining Pearl
Zelda: Tears of the Kingdom composer shares insight into the music


Nintendo teams up with HackerOne, paying up to $20,000 for finding and reporting 3DS security vulnerabilities

Posted on December 5, 2016 by (@NE_Brian) in 3DS, News

Nintendo is now working with HackerOne to crack down on 3DS security vulnerabilities. Those who find and report such flaws can earn up to $20,000.

A post on HackerOne reads:

“Nintendo is dedicated to providing video game fans worldwide premium entertainment in a welcoming and secure environment. To that end, Nintendo invites highly skilled researchers to find and address vulnerabilities on the Nintendo 3DS handheld system that could jeopardize that environment. Nintendo is committed to creating a better game-play experience for all through those actions.”

Nintendo hopes to prevent piracy, cheating, and dissemination of inappropriate content to children. ARM11 and ARM9, low-cost cloning, and security key detection are specifically called out when it comes to vulnerabilities.

Regarding rewards, we have the following information:

Nintendo will pay rewards to the first reporter of qualifying vulnerability information ranging from $100 USD to $20,000 USD. Only one reward per qualifying piece of vulnerability information will be awarded. Nintendo will determine at its discretion whether the vulnerability information qualifies for a reward as well as the amount of any such reward. Nintendo does not disclose how the reward amount is calculated. Vulnerability information that is already known to Nintendo or the public, for example, does not qualify for a reward. Rewards will not be issued to individuals who are on sanction lists, or who are in countries on sanction lists.

The reward amount depends on the importance of the information and the quality of the report. In general, the importance of the information is higher if the vulnerability is severe, easy-to-exploit, etc.

A report is evaluated to be high quality if you show that the vulnerability is exploitable by providing a proof of concept (functional exploit code is even better). If you don’t yet have a proof of concept, or functional exploit code, we still encourage you to report to us sooner rather than later such that you do not to lose the opportunity to become the first reporter; you can then submit a proof of concept or functional exploit code later (within three (3) weeks of the initial report) and it will be considered to be a part of the report.

The reward will be paid after the reported vulnerability has been fixed by Nintendo, but no later than four (4) months after Nintendo has confirmed the reported vulnerability.

Nintendo will not disclose to the public the amount of any reward distributed by Nintendo.

Visit this page for additional details as well as to report security vulnerabilities within 3DS.

Thanks to Anthony for the tip.

Source

More:

Leave a Reply

Nintendo Everything logo

About
Review Policy
Privacy Policy
Contact us

Reviews
Features
Podcasts
News

Twitter icon Facebook icon YouTube icon

© Copyright 2024

Manage Cookie Settings