These days being a hacker is not so black and white. Hackers aren’t inherently bad or good and legitimate companies are utilizing hacker’s skills more and more. Game companies need to provide their customers with secure and private services. Now, HackerOne is working with Nintendo to find security holes in 3DS services and offer a bounty of up to USD $20,000.
HackerOne is the first vulnerability and bug bounty platform and was created by Facebook, Microsoft, and Google. They offer a service for companies that highlights security vulnerabilities and pays hackers for finding them. Minimum pay for a valid exploit is USD $100, while the average hack pays USD $500 and the highest hack is currently USD $30,000. Fortunately, anyone can learn to hack through the HackerOne program in addition to building an online profile and potentially making a living.
Aiming to secure the 3DS family of systems, Nintendo is providing a top quality bounty. Nintendo won’t accept information on other systems and decide on the validity of reported vulnerabilities through HackerOne’s online bounty program. Payment for an exposed exploit usually occurs after the company has fixed any valid bugs.
What will hacking Nintendo 3DS systems achieve?
Nintendo are focused on preventing:
- Piracy, including game application dumping and copied game application execution.
- Cheating, including game application modification and save data modification.
- Dissemination of inappropriate content to children.
Vulnerabilities Nintendo hope to find information about:
- System vulnerabilities in the 3DS family of systems such as privilege escalation on ARM11 userland and ARM11 kernel takeover.
- Vulnerabilities in Nintendo-published applications for the 3DS family of systems such as ARM11 userland takeover.
- Hardware vulnerabilities regarding the 3DS family of systems such as low-cost cloning and security key detection via information leaks.
Be aware that Nintendo won’t be paying out for information and exploits they already know about. The worse the exploit, the more Nintendo are likely to pay after a completed report. With Nintendo Switch just around the corner in March 2017, some say the result of HackerOne’s program will be an end-of-life update for 3DS.
