Nintendo has reached out to the hacking community with cash rewards for users who report vulnerabilities in Nintendo 3DS system security, revealing that it now plans to address software exploits before they become public knowledge.
Hackers who successfully identify vulnerabilities within the Nintendo 3DS system software will receive a bounty of between $100 and $20,000, depending on each exploit’s severity and its potential impact on the handheld gaming market.
The Nintendo 3DS has been a favorite target for hackers in recent months, leading to the release of multiple vulnerability-targeting applications and workarounds. Users who bypass the Nintendo 3DS’s security features are able to run unsigned code, ranging from home-brew applications to pirated versions of retail-released 3DS games.
While Nintendo frequently releases 3DS firmware updates to address security bugs as they’re found, hackers continue to devise exploits stemming from code vulnerabilities in new games, making it fairly easy to execute unsigned code on retail 3DS units. Previous hacking methods relied on exploits present in titles like Cubic Ninja and The Legend of Zelda: Ocarina of Time 3D, while other workarounds targeted vulnerabilities in the platform’s YouTube application and built-in web browser.
Rather than patching out exploits after they’re released and the damage has already been done, Nintendo aims to fix future 3DS vulnerabilities before they reach the general public. As part of its new vulnerability tipster program, Nintendo encourages hackers to develop “functional exploit code” in order to demonstrate the severity of discovered bugs.
“The reward amount depends on the importance of the information and the quality of the report,” Nintendo explained. “A report is evaluated to be high quality if you show that the vulnerability is exploitable by providing a proof of concept (functional exploit code is even better).”
Experienced hackers shouldn’t plan on making a living off of Nintendo’s new initiative, however, as the company’s terms don’t guarantee a payout for discovered glitches.
“Nintendo will determine at its discretion whether the vulnerability information qualifies for a reward as well as the amount of any such reward,” Nintendo’s statement reads.
