<div dir="ltr"><a href="http://www.ibtimes.co.uk/nintendo-offers-hackers-20000-find-switch-3ds-security-flaws-1616910">http://www.ibtimes.co.uk/nintendo-offers-hackers-20000-find-switch-3ds-security-flaws-1616910</a><br><div class="gmail-v_text" id="gmail-v_main"><p>Nintendo is
calling on white-hat hackers and security researchers up to $20,000
(£15,962) to find any security flaws in its recently released hybrid
portable console - the Nintendo Switch. Bug bounty hunters could earn
rewards ranging from $100 to $20,000 for reported Switch security
exploits, depending on its severity, exploitability and quality of the
report.</p><p>According to a post by Nintendo <a href="https://hackerone.com/nintendo?view_policy=true" rel="nofollow" target="_blank">on HackerOne</a>,
a Silicon Valley-based bug bounty platform, the Japanese gaming giant
is offering rewards for new information related to piracy, cheating and
dissemination of inappropriate content to children.</p><p>Bug bounty hunters are also encouraged to find and report any system vulnerabilities that could compromise <a href="http://www.ibtimes.co.uk/nintendo-switch-emulator-download-links-spread-online-heres-why-you-shouldnt-trust-them-1614487" target="_blank">the device </a>including
system vulnerabilities in certain areas such as "privilege escalation
from userland, kernel takeover, ARM TrustZone takeover and userland
takeover for Nintendo-published applications".</p><p>Nintendo is also looking for successfully discovered flaws in its <a href="http://www.ibtimes.co.uk/nintendo-offers-hackers-20000-find-3ds-security-vulnerabilities-1595090" target="_blank">3DS family of consoles</a>
regarding privilege escalation on ARM ARM11 userland, ARM11 kernel
takeover, ARM ARM9 userland takeover and ARM9 kernel takeover.</p><p>Users
can also report other 3DS vulnerabilities such as ARM11 userland
takeover that does not require other hacks and tools as well as any
hardware vulnerabilities related to the Switch or 3DS systems.</p><p>The first reporter of a valid vulnerability will be rewarded, Nintendo said.</p><p>"Nintendo
will determine at its discretion whether the vulnerability information
qualifies for a reward as well as the amount of any such reward," the
company said, noting that it will not disclose how the amount is
calculated. "Rewards will not be issued to individuals who are on
sanction lists, or who are in countries on sanction lists."</p><p>Successful
bug bounty hunters will be rewarded after the reported flaw is patched
by Nintendo no later than four months after Nintendo confirms the
vulnerability. However, the company notes that it is solely interested
in security flaws related to the Switch and 3DS family and is "not
seeking vulnerability information regarding other Nintendo platforms,
network service, or server-related information".</p><p>So far, three people have successfully reported vulnerabilities and have received undisclosed bounties for doing so.</p><p>From Microsoft and Facebook to <a href="http://www.ibtimes.co.uk/uber-beef-security-by-offering-10000-hackers-who-uncover-bugs-its-system-1551151" target="_blank">Uber</a>, Chrysler and <a href="http://www.ibtimes.co.uk/us-army-announces-hack-army-bug-bounty-programme-inviting-hackers-expose-security-flaws-1591188" target="_blank">the US Army</a>,
many companies and agencies have adopted bug bounty programmes as an
effective way to find and squash unwanted and potentially severe
security flaws within the systems before they are exploited by malicious
hackers.</p></div></div>