HackerOne To Reward Nintendo Switch Security Exploit Discovery

Nintendo Switch Neon Red Blue Console Image

It was late last year that Nintendo had first teamed up with HackerOne, a vulnerability coordination and bug bounty platform created by security leaders from Facebook, Microsoft and Google.

The platform continues to reward those that discover and report Nintendo 3DS security exploits, with the awarded bounties ranging between $100 to $20,000. This has now been expanded to cover Nintendo Switch, with the company interested in receiving any information about system and application vulnerabilities – clarifying that they are “not seeking vulnerability information regarding other Nintendo platforms, network service, or server-related information.”

Since Nintendo has requested reports, three hackers have been thanked but the website does not disclose whether they received a bounty for their efforts.

Nintendo has outlined what they are looking for help with below, with more information available on the HackerOne website.

Below are examples of types of activities that Nintendo is focused on preventing:

Piracy, including:

  • Game application dumping
  • Copied game application execution

Cheating, including:

  • Game application modification
  • Save data modification

Dissemination of inappropriate content to children

Below are examples of vulnerabilities that Nintendo is interested in receiving information about:

System vulnerabilities regarding Nintendo Switch

  • Privilege escalation from userland
  • Kernel takeover
  • ARM TrustZone takeover

Vulnerabilities regarding Nintendo-published applications for Nintendo Switch

  • Userland takeover

System vulnerabilities regarding the Nintendo 3DS family of systems

  • Privilege escalation on ARM ARM11 userland
  • ARM11 kernel takeover
  • ARM ARM9 userland takeover
  • ARM9 kernel takeover

Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS family of systems

  • ARM11 userland takeover that doesn’t require other hacks or tools (“secondary” exploits would be those that require other hacks or tools to be effective; those would be out of scope for this program)
  • Hardware vulnerabilities regarding either the Nintendo Switch system or the Nintendo 3DS™ family of systems

Low-cost cloning
Security key detection via information leaks

Leave a Reply

Your email address will not be published. Required fields are marked *