Nintendo looking to reward Switch hackers up to US$20,000

By @ULB1N on
Nintendo Switch
A man plays Nintendo's new game console Switch at its experience venue in Tokyo, Japan January 13, 2017. Reuters/Kim Kyung-Hoon

Nintendo is offering a large sum of money to hackers who can exploit holes in its latest console, the Nintendo Switch. A successful crack can earn hopefuls up to US$20,000 (AU$26,550).

Just like last year’s 3DS programme, Nintendo has partnered with HackerOne to give white hat hackers a chance to earn some big bucks by finding vulnerabilities in its new Switch console. To protect its latest product from manipulation and provide its users a safe gaming experience, the susceptibility package covers a wide range of activities that the video game giant intends to prevent from happening. Nintendo isn’t involving its other consoles or services in the rewards programme, which offers a minimum prize of US$100 (AU$134).

Among the kinds of exploits that Nintendo aims to thwart include piracy (game application dumping and copied game application execution), cheating (game application and save data modification), and propagation of improper content to children. Examples of Nintendo Switch vulnerability information that the company hopes to accumulate include system (privilege escalation from userland, kernel takeover and ARM TrustZone takeover), published application and hardware vulnerabilities.

This kind of rewards programme is now common in the business of technology. Big time corporations now pay experts to expose vulnerabilities in their systems beforehand instead of pulling their hair out on potentially more damaging future attacks. The first known bug bounty programme was initiated by American computer services company Netscape more than two decades ago when it offered monetary rewards to white hat hackers for discovering anomalies on the Netscape Navigator 2.0 Beta.

HackerOne’s extensive list of major league clients includes Twitter, Starbucks, Uber, Ubiquiti Networks, Urban Dictionary, Vimeo, Yahoo and Yelp. The vulnerability coordination and bug bounty platform also has Snapchat, Open-Xchange, OLX, Kaspersky Lab, Imgur, Dropbox, Adobe and even Pornhub as patrons.

Last year’s Nintendo 3DS rewards programme offered the same terms and monetary amount. The company is going to pay off the first reporter of qualifying vulnerability information. Nintendo shall be the one to judge whether any information deserves some compensation or how much the bounty will be. The Japanese gaming giant likewise isn’t going to publicly disclose how it intends to calculate and when it allocates the monetary rewards.

“The reward amount depends on the importance of the information and the quality of the report,” the Nintendo Switch programme policy states. “A report is evaluated to be high quality if you show that the vulnerability is exploitable by providing a proof of concept (functional exploit code is even better).”


Join the Discussion