Nintendo Offers Bounty for Security Exploits on its 3DS

Nintendo is offering a new bounty to anyone that can find a security exploit in its 3DS handheld game system product line. This announcement comes as players are eagerly anticipating the release of its upcoming Switch console.

From Nintendo’s statement on HackerOne:

Nintendo’s goal is to provide a secure environment for our customers so that they can enjoy our games and services. In order to achieve this goal, Nintendo is interested in receiving vulnerability information that researchers may discover regarding Nintendo’s platforms. Currently, in the context of the HackerOne program, Nintendo is only interested in vulnerability information regarding the Nintendo 3DS™ family of systems and is not seeking vulnerability information regarding other Nintendo platforms, network service, or server-related information.

This bounty comes at an interesting time as the 3DS product line is beginning to show signs of aging. New special edition releases of the smaller 3DS and larger 3DS XL have kept the handheld gaming system fresh in the market, but the underlying technology behind it has become stale over the past several years.

The reward being offered in this bounty ranges from $100 to $20,000 depending on the importance of the information and the quality of the report. Vulnerabilities which are more severe are given a higher bounty than those that are minor.

Payment of the bounty occurs either after Nintendo has successfully patched the vulnerability or four months after the report has been validated by Nintendo.