I know Nintendo is often in the news for rage-inducing reasons when it comes to interacting directly with the community, such as shutting down Pokemon Uranium or Another Metroid 2 Remake, but this time they actually want to collaborate with the community in an interesting way.
According to HackerOne, Nintendo is offering up to $20,000 in total bounty to hackers capable of breaking through the security protocols of the Nintendo 3DS and informing Nintendo about the vulnerabilities.
This is actually a pretty cool thing because it gives the hacking community an opportunity to dive into Nintendo's hardware and actually get paid for it. The task is to find critical security vulnerabilities within the 3DS and report the bugs to Nintendo using the report form on the HackerOne website.
They're looking for some very interesting information. For instance, they want to plug holes that might allow people to dump Nintendo 3DS games or execute them from a third-party software (such as emulators), as well as vulnerabilities relating to cheating. Any kind of software used to modify the game application or saved game data is information they want. They also want to put a stop to any means that could circumvent their security measures where inappropriate content for minors could be disseminated.
They give a few examples of what they're looking for and what they would like discovered in order to further secure the Nintendo 3DS and its line of systems. They plan on paying anywhere between $100 and $20,000 to the first person who reports a certain kind of bug or vulnerability. So if you happen to come across a bug that someone else has already found and claimed the bounty on, there won't be any money for you.
While the terms and conditions state that Nintendo won't disclosure how the reward amount is calculated, it could be assumed that the reward would be based on the severity of the vulnerability. They do mention that the amount will also be based on the importance of the information and the quality in which the bug or security flaw is reported. I imagine if you report the vulnerability like a professional QA tester, you're could be swimming in a few thousand dollars easy.
They also want to ensure that there is proof of concept and details provided on every step of the way to give Nintendo a thorough look at how they happened upon the security breach.
What's most fascinating about this is that they're focusing on the Nintendo 3DS. One would think that the system is old enough by now that they would be focusing on their next machine. Then again, they could be using this data for their next handheld, or it could be something to help reinforce the Nintendo Switch, which is due for release in March of 2017.
If you have the elite hacking skills that Nintendo is looking for, feel free to crack open a Nintendo 3DS and find some flaws so you can make some cash.