Security

Nintendo Bug Bounty Programme Rewards Hackers For 3DS Vulnerabilities

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.

Nintendo has launched a bug bounty programme, offering rewards of up to $20,000 for vulnerabilities around its 3DS family of systems

Nintendo has launched a bug bounty programme on the vulnerability coordination website HackerOne, focused on the Nintendo 3DS handheld console.

The company is looking to prevent activities such as piracy, cheating and the circulation of inappropriate content to children, through both system and hardware bugs.

The stated goal is to “provide a secure environment for our customers so that they can enjoy our games and services. In order to achieve this goal, Nintendo is interested in receiving vulnerability information that researchers may discover regarding Nintendo’s platforms.”

nintendo-3ds-2

Nintendo goes bug hunting

Rewards will range from $100 to $20,000 (£70 – £15,900), with one given per “qualifying piece of vulnerability information.”

The amount of the reward will depend on “the importance of the information and the quality of the report. In general, the importance of the information is higher if the vulnerability is severe, easy-to-exploit, etc.”

Hackers looking to claim a reward will have to provide Nintendo with either a proof-of-concept or a piece of functional exploit code in order to qualify.

As the threat landscape has evolved in recent times, bug bounty programmes have become commonplace amongst software companies looking to exploit the skills of white-hat hackers.

For example, earlier this year Google doubled its Chrome bug bounty reward to $100,000 and Facebook recently announced that it has paid out more than $5 million (£4m) since its own scheme launched five years ago.

After Nintendo’s hugely popular mobile game Pokemon Go was reportedly hit by a DDoS attack over the summer, it seems the company is ready to take the issue of security seriously.

Quiz: What do you know about video games and tech?