Nintendo expands bug bounty program

Researchers can earn up to $20,000 for disclosing critical security flaws.
Written by Charlie Osborne, Contributing Writer

Nintendo has bumped up the firm's bug bounty program by including a new console as a target for researchers to explore for security flaws.

On December 5, the gaming giant revealed the inclusion of the Nintendo 3DS handheld console family in the bug bounty scheme.

The bug bounty program, hosted on HackerOne, invites researchers to find and address vulnerabilities in the console in return for rewards. Nintendo asks that bug hunters report security flaws "that could jeopardize [the] environment" of the 3DS, and critical flaws which could impact the system or user the most will net rewards of up to $20,000.

"Nintendo is committed to creating a better game-play experience for all through those actions," the company says.

See also: Bug bounties: 'Buy what you want'

Nintendo wants to prevent activities including piracy, game dumping, running copied games, and cheating including game application modification and save data mods. To this end, the game developer wants to stamp out any flaw that can be exploited for these purposes, including privilege escalation flaws, kernel takeovers, and hardware vulnerabilities such as low-cost cloning and security key detection through data leaks.

Rewards for disclosures range from a minimum of $100 to $20,000 for the most critical problems. Nintendo asks for a description of security problems and proof-of-concept (PoC) code to be included.

In November, the US Department of Defense (DoD) and HackerOne launched the "Hack the Army" challenge for a select group of security researchers interested in tackling the DoD's websites and scouring the domains for security problems which could compromise the government's operations.

2016 Holiday gift guide: Top tech, gadgets to give this season

Editorial standards