Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Nintendo Offers $20,000 for Vulnerabilities in 3DS Consoles

Nintendo announced on Monday the launch of a new bug bounty program for its 3DS handheld gaming systems. The company is prepared to offer between $100 and $20,000 for vulnerabilities found in the product.

Nintendo announced on Monday the launch of a new bug bounty program for its 3DS handheld gaming systems. The company is prepared to offer between $100 and $20,000 for vulnerabilities found in the product.

The bug bounty program, hosted on HackerOne, is only for 3DS consoles – the company says it’s currently not interested in vulnerabilities affecting other platforms or services.

Nintendo is willing to pay for system flaws, such as privilege escalation or takeover issues affecting ARM11 and ARM9 processors. The company also encourages researchers to report vulnerabilities found in Nintendo applications, and hardware weaknesses that can be leveraged to obtain security keys or clone systems at a low cost.

Through its bug bounty program, Nintendo aims to prevent piracy, cheating and dissemination of inappropriate content to children.

“A report is evaluated to be high quality if you show that the vulnerability is exploitable by providing a proof of concept (functional exploit code is even better),” Nintendo said. “If you don’t yet have a proof of concept, or functional exploit code, we still encourage you to report to us sooner rather than later such that you do not to lose the opportunity to become the first reporter; you can then submit a proof of concept or functional exploit code later (within three weeks of the initial report) and it will be considered to be a part of the report.”

The company has promised to pay researchers within four months after the vulnerability has been confirmed, but not before the security hole has been patched. Bounty amounts will not be disclosed.

Issues that are already known are not eligible for a reward and Nintendo prohibits researchers from disclosing vulnerability information, even after a patch becomes available. The company has argued that devices running older versions of the system may remain vulnerable even after a fix is released.

There are several major organizations running bug bounty programs on HackerOne, including Kaspersky, Panasonic Avionics, Qualcomm, Uber, Yelp and the U.S. Army.

Advertisement. Scroll to continue reading.

Related Reading: ‘League of Legends’ Creators Unveil Details of Bug Bounty Program

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Register

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

Orchid Security has appointed a new Chief Product Officer and three advisors.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.