Security researchers now have an excuse to play video games: Nintendo just launched its very own bug bounty program for 3DS handheld consoles. Here are the details.
The program is offered through bug bounty platform HackerOne and comes after some homebrew exploits were found earlier this year that let users run their own code on the console. This has piracy implications as people can then develop ways to play pirated games on the handheld. Since the Nintendo 3DS was launched in 2011, there have been a number of homebrew vulnerabilities that have been found. Nintendo has patched many of them through firmware updates.
Nintendo has made it clear that the bug bounty program is aimed at weeding out software and hardware vulnerabilities that can lead to piracy, cheating along with other security flaws on the console. Monetary rewards for reporting vulnerabilities will range from US$100 to $20,000, depending on the severity of the bugs found.
Here's are some examples of the types of activities Nintendo is trying to stop with the program:
- Game application dumping
- Copied game application execution
- Game application modification
- Save data modification
Dissemination of inappropriate content to children
Some of the vulnerabilities that Nintendo wants to know about include:
System vulnerabilities regarding the Nintendo 3DS family of systems:
- Privilege escalation on ARM11 userland
- ARM11 kernel takeover
- ARM9 userland takeover
- ARM9 kernel takeover
Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS family of systems:
- ARM11 userland takeover
Hardware vulnerabilities regarding the Nintendo 3DS™ family of systems
- Low-cost cloning
- Security key detection via information leaks
If you want to be a bug hunter for the Nintendo 3DS, including the 3DS XL, you should head over to the company's HackerOne page for more information.