Nintendo Launches Rewards Program For Discovery Of New 3DS Vulnerabilities

The Nintendo 3DS may already be over five years old, but Nintendo hasn’t forgotten the need for better security on the handheld gaming device. The Japanese gaming firm just launched a campaign where it will reward people who discover new vulnerabilities in the handheld system.

“Nintendo is offering an incentive to the world’s finest researchers to find and report security vulnerabilities for the Nintendo 3DS family of handheld game systems. In coordination with HackerOne, Nintendo will pay up to U.S. $20,000 for the discovery of critical security vulnerabilities,” the company said on the HackerOne website.

Nintendo will also be rewarding researchers a minimum of $100 for each vulnerability discovered through HackerOne’s program, according to Polygon. The amount of the reward will depend on “the importance of the information and the quality of” a researcher’s report. The company also reminded bounty hunters that information already known to Nintendo or the public will not merit any rewards.

Researchers who are able to discover new vulnerabilities are encouraged to demonstrate its severity, so Nintendo will be able to assess its importance. “A report is evaluated to be high quality if you show that the vulnerability is exploitable by providing a proof of concept (functional exploit code is even better),” Nintendo said in a separate post.

Nintendo listed various security vulnerabilities that it wants to prevent through this program, ranging from piracy and cheating, up to hardware vulnerabilities like low-cost cloning and security key detection through information leaks.

The Nintendo 3DS has become a favorite target for a lot of hackers in the most recent months. Nintendo has also been frequently releasing firmware updates to the 3DS to combat vulnerabilities, but it hasn’t stopped hackers from finding new workarounds to execute unsigned code on 3DS units, according to Digital Trends.

The idea behind this program is that Nintendo wants to prevent future attempts at exploiting vulnerabilities in the 3DS by quashing them before malicious attackers discover them first.