If you are pretty good at programming and sniffing down security loopholes in hardware, why not make a quick buck out of your skill? I am talking about an offer which might see your bank account swell by a cool $20,000. Yes sir, that is the amount of money that Nintendo is offering for those who are able to successfully identify vulnerabilities with the Nintendo Switch console. This particular program happens to be an extension of what it kicked off in December 2016.
Back then, this cash reward scheme began in order to help Nintendo identify any vulnerabilities in their handheld champion, the Nintendo 3DS. This time around, it would try to rally the efforts of security savvy gamers and interested parties in helping sniff out any kind of weaknesses and security loopholes in the Nintendo Switch.
This particular program was organized with the help of HackerOne. Basically, the first person who manages to report "qualifying vulnerability information" will be richer by anywhere from $100 to $20,000, depending on the seriousness of the flaw reported. To date, Nintendo has remained secretive on the value of how each reward is calculated. It is interesting to note that a brand new clause has been thrown to the policy now, where it mentions that Nintendo "reserves the right to choose whether or not it will address any reported vulnerabilities."
Right now, we do know that the 3DS range of handheld consoles as well as the newly launched Nintendo Switch come under the “protection” of this particular agreement, but there was absolutely no mention of the Wii U. Nintendo claims that they are “not seeking vulnerability information regarding other Nintendo platforms, network service, or server-related information."
Just so that you know how focused Nintendo is on preventing any kind of security loopholes from ruining the gaming experience for millions around the globe, they are clamping down on all forms of piracy, including game application dumping and copied game application execution. They also frown on ways to cheat such as game application modification, save data modification, and the dissemination of inappropriate content to children.
What would Nintendo like to hear concerning vulnerabilities of their console? It is not too long a list, but there should be more than enough to work with right from the get go. Several system vulnerabilities concerning the Nintendo Switch include privilege escalation from userland, kernel takeover, ARM TrustZone takeover, and userland takeover. In terms of payout, only a single reward will be handed out for each qualifying piece of vulnerability information. All of this will be done at Nintendo’s discretion, and if you happen to be someone in the vein of Hugh Jackman’s character in the cult favorite movie Swordfish, then sad to say the reward will not be given out to folks like that. As long as you are on a sanction list, or are in a country that is on a sanction list, those are no-go zones for Nintendo.
All rewards will be paid out once the reported vulnerability is fixed by Nintendo, but it would not take more than four months upon receipt of the reported vulnerability.