Nintendo hasn’t always taken security on its devices seriously. Anyone who bought a Nintendo DS console will remember just how easy it was to break that device wide open and do all kinds of things with it. In recent years though it’s become a bone of contention with the company, who finds itself constantly working to remain one step ahead of hackers and modders who seek to disrupt its hardware and software. Now the company has decided to reach out to hackers in its quest to stay one step ahead.
More specifically, Nintendo has reached out to hacker groups – offering monetary rewards for information or tips that lead to the closing of security loopholes.
Taken from the document sent to such websites, the list of things Nintendo is looking for is quite extensive;
Below are examples of types of activities that Nintendo is focused on preventing:
- Piracy, including:
- Game application dumping
- Copied game application execution
- Cheating, including:
- Game application modification
- Save data modification
- Dissemination of inappropriate content to children
Below are examples of vulnerabilities that Nintendo is interested in receiving information about:
System vulnerabilities regarding Nintendo Switch
- Privilege escalation from userland
- Kernel takeover
- ARM® TrustZone® takeover
Vulnerabilities regarding Nintendo-published applications for Nintendo Switch
- Userland takeover
System vulnerabilities regarding the Nintendo 3DS family of systems
- Privilege escalation on ARM® ARM11™ userland
- ARM11 kernel takeover
- ARM® ARM9™ userland takeover
- ARM9 kernel takeover
Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS family of systems
- ARM11 userland takeover that doesn’t require other hacks or tools (“secondary” exploits would be those that require other hacks or tools to be effective; those would be out of scope for this program)
- Hardware vulnerabilities regarding either the Nintendo Switch system or the Nintendo 3DS™ family of systems
Security key detection via information leaks
If you’re interested in how much this can net you;
“Nintendo will pay rewards to the first reporter of qualifying vulnerability information ranging from $100 USD to $20,000 USD. Only one reward per qualifying piece of vulnerability information will be awarded. Nintendo will determine at its discretion whether the vulnerability information qualifies for a reward as well as the amount of any such reward.”
It makes sense ultimately. The original Nintendo DS became infamous for the ease of hacking and use of ROM’s – it’s a situation that forced Nintendo to knuckle down and constantly keep one step ahead of hackers on its Nintendo 3DS console. There it took a good long time before gamers were able to achieve anywhere near the levels of success that were previously possible.
With the Nintendo Switch selling well, Nintendo will want to ensure that it remains a trustworthy platform for developers. So if you fancy making a quick buck, get hunting!