While the humble Nintendo 3DS might not be around for too much longer with the impending arrival of the Nintendo Switch, it should not come as a surprise that the Big N are still interested to learn of any vulnerabilities on their 3DS family of systems that might still be exploited.
Nintendo recently posted on HackerOne (a vulnerability coordination and bug bounty platform) offering a bounty ranging from $100 USD to $20,000 USD for anyone who can discover vulnerabilities in the 3DS hardware as follows:
Nintendo will pay rewards to the first reporter of qualifying vulnerability information ranging from $100 USD to $20,000 USD. Only one reward per qualifying piece of vulnerability information will be awarded. Nintendo will determine at its discretion whether the vulnerability information qualifies for a reward as well as the amount of any such reward. Nintendo does not disclose how the reward amount is calculated. Vulnerability information that is already known to Nintendo or the public, for example, does not qualify for a reward. Rewards will not be issued to individuals who are on sanction lists, or who are in countries on sanction lists.
The reward amount depends on the importance of the information and the quality of the report. In general, the importance of the information is higher if the vulnerability is severe, easy-to-exploit, etc.
A report is evaluated to be high quality if you show that the vulnerability is exploitable by providing a proof of concept (functional exploit code is even better). If you don't yet have a proof of concept, or functional exploit code, we still encourage you to report to us sooner rather than later such that you do not to lose the opportunity to become the first reporter; you can then submit a proof of concept or functional exploit code later (within three (3) weeks of the initial report) and it will be considered to be a part of the report.The reward will be paid after the reported vulnerability has been fixed by Nintendo, but no later than four (4) months after Nintendo has confirmed the reported vulnerability.
Nintendo will not disclose to the public the amount of any reward distributed by Nintendo.
It's great to see Nintendo engaging with the friendly hacking community in such a way so that they can keep their hardware safe from those who would seek to exploit them. Let us know if you have the hacking skills to claim the grand prize with a comment below.
[source hackerone.com]
Comments 59
I know a guy...
Interesting move, Nintendo.
After pokemon, I'm not surprised
Smart to do this now with 3DS. Then, if it's successful, they can do the same for the Switch.
You can literally buy cartridges from retailers that exploit security flaws in the 3DS, maybe they should start there instead?
I suppose it is a good thing that Nintendo are reaching out to hackers to improve their 3DS, and it isn't a bad deal for the hackers either :+).
Also speaking of hacking, there has actually been hacking on Miiverse lately it seems and the hackers are causing trouble unfortunately.
I hope the hacking on Miiverse doesn't result in Nintendo shutting down Miiverse and that Miiverse stays, but I don't think the hacking incidents will make Nintendo less cautious on Miiverse in terms of rules.
Either way I the good hacker group can help Nintendo with the 3DS ^^.
If a hacker takes money from Nintendo for helping to prevent hacking, aren't they breaking some sort of hacker code of ethics? Are they not gallant?
It's a trap!
Who exactly is that a picture of and what is his relevance to the article? It's all a bit 'cryptic' to me. Is he a hacker because of that hood?
Yes they want to learn our secrets now.
@Cantisque
Maybe one of the things they want is to find a way to stop those cartridges from working, with the hackers help obviously.
It is a good start for Nintendo to fight piracy, hackers get a good amount of money and Nintendo identifies possible weak points. It could be the beggining to implement antipiracy measures on the Switch, too.
@HappyMaskedGuy Pictured above is a character from Mr. Robot, a television drama about hackers.
They call me heckerman! I'll find ALL the exploits!!
@CB85 It would of been smarter if they'd of done this a few years ago.
@HappyMaskedGuy You seriously don't know Elliot from Mr Robot ?... Where have you been for the past 2 years man ?
EDIT : one tip for you man... Next time, if they put an article about dragons and there is a picture of a blond girl, her name would be Daeneris, ok ?
EDIT2 : This is just jokes man... I'm kidding of course, it was too tempting Peace.
This'll also be a good way to keep tabs on hackers who report bugs and make themselves known to Nintendo. Now they'll know who they are and what their IP is. Countering the future counter perhaps?
@Loui Yeah but they didn't. A lot of people and companies could've been a lot smarter by doing things differently in the past, but it's useless to speculate about that. Hindsight is always 20/20.
Make the 3DS and Wii U (and vWii mode) region free and that'll take away a reason for a chunk of people to modify their system.
The timing's not a coincidence. They're asking for help now because Miiverse was hacked repeatedly for several hours by Arian and PF2M yesterday. I'm astonished NintendoLife didn't report on THAT.
Need more stability!
@BaffleBlend I agree, but I am not really surprised by that Nintendo Life haven't reported on the Hacker thing on Miiverse as Nintendo Life doesn't really report on Miiverse beside major updates or similar.
Still whether or not Nintendo Life should report on the hacking on Miiverse yesterday I am unsure about though.
Still as a person who fairly regularly check the Zelda community I did see a fair amount of people from NSLUC come to the Zelda community while it was a question where they were going to move to ;^^.
Luckily, it seems like things are mostly back to normal now for the most part :+).
Sounds like a clever move. Fight hackers with hackers, aye?
Some hacker will report a huge exploit and then mysteriously get killed in a car accident a week later. I think Ninty has had it with hackers and this is thier ploy to smoke them out and destroy them all...
@HappyMaskedGuy don't be silly. There are 'ethical hackers' - that's their job title, they freelance a lot and hack systems to report what they find and get compensation for it.
It's good that Nintendo are now offering to pay for this service. Also, if a modder finds a way to mod the console would he release the method for free or get up to 20k for telling Nintendo? I'm sure they will do the latter
Loads of companies do this, they just don't always make it clear that they pay for the services, but a lot of places do. Even Apple, Sony and MS pay you if you find a valid exploit and document exactly what it does and how it can be abused and replicated - so they can fix it
The 3DS's future looks pretty stable.
What Turniplord said. This is common practice in the industry.
@Cantisque They already did, thats why there are so many firmware updates. They are looking for the vulnerabilities that are used by those cartridges in the first place, they want to fix it before an exploit is made.
But Nintendo is shady in their information, If i was a hacker I wouldnt trust them, If I had a big vulnerability I would send something small first to see how much money I get, I dont trust they would give the 20 grant to anyone.. maybe 5000 top if its something super big.
Likely to plug all the holes before the switch replaces it so that it doesn't turn into a homebrew and rom system. Well you know like DS level.
As others have said there is a title of Certified Ethical Hacker, people who hack to actually improve company systems and help make sure people aren't hurt.
Yeah, about that.
Hackers are usually a lot more content to publish their findings at a little convention called Chaos Communication Congress than you think. Emphasise on chaos.
The 33rd such convention, 33c3, is going to be hosted December 27th to December 30th. Expect interesting things to be revealed to the public for free.
I think that Nintendo have been paying hackers for quite a while since it was rather easy to play homebrew / emulators on Wii & DS. They just want to ensure the Switch isn't another system used for exploitation. That said, the Switch will likely be a popular system for hackers. Got to get in early I suppose.
I think the article Headline picture totally represents a typical Hacker - yes - yes - it does. . .definitely. .lol
You know what... I'm actually glad about this.
Now we can hopefully have one final stability update and go back to looking forward to firmware updates. You know, the ones that added something useful to the 3DS, remember those?
Ah, Mr Robot... Probably one of the better series on TV in recent times.
As for Nintendo's quest for hackers: maybe they oughta contact the GateWay 3DS guys. Their flash card is apparently still fully functional, even on New 3DS systems, so I bet they can tell Nintendo a thing or two about the system's weaknesses...
You know, I think a hacker could probably do both things: inform Nintendo and get the reward, and release the exploit also. The rewards system doesn't seem to imply exclusivity of the information, just to be the first to publish it.
And really, after the Nds, any boost on security would do well for Nintendo.
I get Far West vibes from such methods XD. Someone make a wanted poster for vulnerabilities with a reward number under it XD! That would be fun!
FINALLY! It's about time Nintendo swallowed their pride and publicly send out a message to pay hackers for helping them! Hopefully, this will set a good precedent. I'm sure some will be wary, but it could be an interesting proposition.
@YouSeemFRAZZLED 3 months from now the WiiU will be history, whereas the 3DS will still be supported with games (and a seemingly neverending deluge of "stability updates" :3 ), it also counts that the "pokémon moon"-leak was a pretty big deal, the flagship game for the holidays leaked? some "Please understand"s must have gone around Nintendo HQ that day...
http://i.imgur.com/ixE28gWl.jpg
after this, i'm not surprised
the NSLU is still shut down and i hope they shut it down forever because it's depressing to look at
Thank god we have Josh from Until Dawn to do just that.
@HappyMaskedGuy "Hacker" does not entail a rogue agent, it just means someone who is an expert at computer code, software, hardware, etc. It used to mean a computer guru, used in a similar way as "Doctor." The stigma of the term "hacker" began because a lot of superstitious people who have no comprehension of advanced computer usage started blanketing the "hacker" term in response to those without ethical self restraint, as if referencing a horror movie. Take a look at GNU and the EFF for a look at what a digital code of ethics really looks like.
@HappyMaskedGuy it's Josh from Until Dawn! He's a hacker because he has nothing better to do now that his sisters are dead.
@Shiryu That movie was b-grade hilarity. Pretty sure I laughed the entire time.
This approach has worked very well for Google, so I appreciate them doing this. Why turn hackers into your sworn enemies? Put them on the payroll like this, and make their reward cash instead of helping others pirate games. Wins across the board, as far as I'm concerned.
@Ryu_Niiyama But the soundtrack is SSS+ rank.
This is my hacking music. https://www.youtube.com/watch?v=rVw5UUKKzM8
@Sakuraichu There are other NSLU communities, so the NSLU people moved over to them.
I am not a part of the NSLU community personally, but I am glad for the people who like that sort of posting :+).
This is probably coming up for games such as VVVVV being hacked kind of recently.
I smell a rat...a trap to bait poor users into doing this, but not getting any rewards lol
I wonder if PF2M and Arian's miiverse exploits had to do with this? The timing seems a little too perfect. Although, if Nintendo don't like modders couldn't they make it region free? Which is a reason why a large amount of people mod anyway.
In all seriousness, this does seem like a good idea.
@Cantisque Your avatar is so awesome. Where's it from?
I'm sure that there's going to be an overabundance of people looking to work with Nintendo on this. They're gonna be tripping over themselves to get those big sell-out bucks. Yup, the hacker(s) that take Nintendo up on this one aren't going to be ostracized by the rest of the hacking community at all...
Nobody is going to help you, Nintendo.
@SLIGEACH_EIRE This is how it will go down: Nintendo lets the hackers look inside their systems, and then...WHAM!
Any Hacker whom has even the smallest brain should know well enough to avoid this "job", i honestly think it's just a trap to lure hackers in and deal with them like baiting mice with a trap.
Bait, catch, remove, repeat. basically.
@Turniplord Yeah, I'm being silly.
Party pooper.
@PlywoodStick Oh. Okay. Thanks.
@PlywoodStick Cats are so compressible.
Lol: What if they start hacking....for bad purposes?! They are hackers after all...
Also: Isn't the 3DS super stable already?
However, this probably shows that the 3DS will still be around for some while. Why else would Nintendo bother?
Show Comments
Leave A Comment
Hold on there, you need to login to post a comment...