Nintendo expands bug bounty programme

Nintendo isn’t the first company that comes to mind when speaking about bug bounties, but looking at its new programme for the Switch, maybe it should be.

An extension of the bug bounty programme it launched for the 3DS a few months back, Nintendo has partnered with HackerOne to find vulnerabilities in the Switch software.

Seeking Nintendo Switch software vulnerabilities

Again, Nintendo are paying out for anyone who can find a way through their software, and it could be a big pay out. Rewards for this bug bounty programme begin at US$100 but can climb as high as US$20,000, so if hackers bring a serious issue to Nintendo’s attention, they could certainly cash in. The amount of the reward depends on the severity of the hack and how easy it is to replicate. Only the first user to report a specific exploit receives a reward.

Nintendo wants to prevent three key things with this bug bounty programme: piracy, cheating, and “dissemination of inappropriate content to children.” Here’s what Nintendo is specifically looking for in regards to the Switch:

System vulnerabilities regarding Nintendo Switch:

  • Privilege escalation from userland
  • Kernal takeover
  • ARM Trustzone takeover

Since the bounty programme started, three users have been rewarded an undisclosed sum for finding and reporting bugs. Due to the timing — all three exploits were resolved and paid out this week — it’s possible that the Switch’s induction into the programme means that one or more of the reports were Switch-related.

Bug bounties growing in popularity

Other companies in the tech world offer similar programmes that have seen successful bug hunters earning huge chunks of money, including Microsoft, Google and even the US Department of Defense. This kind of crowdsourced flaw-hunting allows tech companies to get extra eyes on their hardware and software, bringing in people who may notice bugs that companies’ own security teams miss.

Edited from sources by Ella Donaldson

Slash Gear