In December, Nintendo called out to the hacking community for assistance on finding Nintendo 3DS vulnerabilities that could be exploited. The program now extends to the Nintendo Switch.
The Switch has been added to Hacker One, the third party site Nintendo originally used to track Nintendo 3DS hacks. Just like for 3DS hacks, Nintendo is offering rewards for reported security exploits ranging from $100 to $20,000. The amount of the reward depends on the severity of the hack and how easy it is to replicate. Only the first user to report a specific exploit receives a reward.
Nintendo has listed two separate categories of possible bugs that could compromise the Switch’s integrity. The first category is system vulnerabilites which includes “privilege escalation from userland,” kernel takeover,” and “ARM TrustZone takeover.” The second category is “Nintendo-published applications,” and lists only “userland takeover.”
The 3DS, which has been subject to numerous hacks in recent years, has a much wider list of exploits to look out for.
Since the bounty program started, three users have been rewarded an undisclosed sum for finding and reporting bugs. Due to the timing — all three exploits were resolved and paid out this week — it’s possible that the Switch’s induction into the program means that one or more of the reports were Switch-related.
Although the Switch hasn’t been hit with any large-scale hacks, some system features are currently in the console’s code but not available to users. Eurogamer pointed out that hackers have already unearthed an internet browser that hasn’t been released to the public yet, giving the hacking community hope for future exploits. It’s important to note that the internet browser hack alone won’t lead to customized firmware or outright piracy.
One hacker also recently gained viewable access to one of the Switch’s system modules using a method similar to the internet browser exploit. The module hack displayed how some of the system’s RAM was organized.