Nintendo Gives Out Rewards To Those Who Can Report 3DS Exploit Vulnerabilities
Video game giant Nintendo is offering to reward detailed reports of 3DS systems exploit vulnerabilities. The bounty starts off at $100 and could be as high as $20,000. The campaign is channeled via San Francisco-based organization called HackerOne.
The page says that Nintendo focuses in vulnerability information with regards to its handheld Nintendo 3DS and its family of systems. They are not seeking data about vulnerabilities on other Nintendo platforms, servers, or network services. The actual words read:
"Nintendo is only interested in vulnerability information regarding the Nintendo 3DS ...not seeking vulnerability information regarding other Nintendo platforms, network service, or server-related information,"
Giving bounties to reported system vulnerabilities isn't new. This was pioneered by Netscape, which developed its program much thanks to its tech support engineer, Jarret Ridlinghafer. After that, many other companies have adapted the idea to convert attackers to collaborators instead. It seems that cash rewards have worked so far.
HackerOne has helped a plethora of companies such as Amazon Web Services, Starbucks, Dropbox, AirBNB, Yelp, GitHub, Slack, Uber, Twitter, among a lot of others. These companies offer various rewards for people who report valid risks to their systems.
Prevention of piracy, cheating, and exposure of inappropriate content to kids are the main focuses on why Nintendo is doing this campaign. Nintendo also lists "copied game application execution" under the Piracy heading which puts homebrew 3DS games away from the targeted scope.
Rewards will be offered to the first reporter who can prove qualifying vulnerability. The amount to be paid will be up to Nintendo's discretion. The amount would depend on the importance of the information combined with the report's quality. Information importance is prioritized when the hack becomes easiest to perform.
Any reports submitted becomes Nintendo's property regardless if credible or not. Those who are interested may file their report here.