Home

 › 

Articles

 › 

Nintendo Places Bounties on Switch Vulnerabilities

Nintendo Places Bounties on Switch Vulnerabilities

Late last year, Nintendo initiated a partnership with HackerOne, a service based on rewarding hackers bounties for information on system vulnerabilities. The initial listing was for information pertaining to the Nintendo 3DS, but was expanded recently to include the Nintendo Switch. The Switch having vulnerabilities is not new news, and Nintendo has awarded three individuals with undisclosed bounties via HackerOne.

On Nintendo’s HackerOne page, the company lays out examples of what it is looking for, as well as what it is looking to prevent. Switch piracy is an obvious one, along with cheating and “dissemination of inappropriate content to children.” Piracy includes game data dumping and execution, and cheating includes game or save data modification. Also fascinating is a list of examples of vulnerabilities for the Switch, which are not elaborated on but could indicate previously known/repaired vulnerabilities. These include Kernel takeover, Privilege escalation form userland and ARM TrustZone takeover.

Legally, neither the rewarded hackers nor Nintendo itself can reveal the nature of the vulnerabilities or rewards found by/awarded to HackerOne users. In the page’s legal section, Nintendo awards bounties from $100 to $20,000 and determines the worth of a submission itself. Three bounties have been awarded to users loituma, Zacharias and endergamer549. They are legally bound to secrecy, so seeking them out likely won’t bear any further information. Still, it’s a fascinating business.

Source: HackerOne

To top