Nintendo adds Switch console to bug bounty program
Nintento has added the Switch console to its bug bounty program on the HackerOne site. It aims to reward people who discover and report vulnerabilities in the system with monetary amounts.
Nintendo changed its page on the HackerOne platform back in March, but the change was only recently discovered by Perfectly Nintendo. From the description it can be concluded that Nintendo is looking for ways in which a user can increase his rights. In addition, it is looking for vulnerabilities that could allow takeover of the kernel or of the ARM TrustZone. The latter provides a secure environment that is separate from the rest of the hardware.
Nintendo also offers rewards for finding leaks in Switch applications. This concerns leaks that enable userland takeover. The rewards are a minimum of 100 dollars and can go up to 20,000 dollars, converted approximately 18,800 euros. The company does not disclose how it calculates the amount of the rewards and states that it determines whether it pays out an amount. In addition, Nintendo reports that reporting a vulnerability does not automatically mean that it will be fixed.
The page shows that Nintendo has thanked a small number of hackers for its services this year. It’s not the first time the Japanese company has offered rewards for finding leaks. That’s how it started in December last year with its HackerOne program. At the time, it was still about vulnerabilities in the 3DS, similar to those for the Switch. The new console is not free from leaks, when a hacker was able to apply a Webkit exploit to the console in March.