Calling all hackers — Nintendo is offering up a whole bunch of money to security-savvy Switch owners that can find vulnerabilities in the company’s latest console. Finding and submitting a big security problem could see you walking away with a cool $20,000.
Nintendo expanded its public security flaw hunt to the Nintendo Switch yesterday, offering up compensation to anyone who finds and reports new vulnerabilities in the month-old console. Depending on the severity of the flaw, its exploitability, and the quality of the report, bug hunters could earn between $100 and $20,000.
Nintendo already offers rewards for vulnerability reports on the Nintendo 3DS and New 3DS through the bug-hunting website HackerOne. The project first launched for Nintendo in December 2016 and has already paid out rewards to three individuals (unfortunately we don’t know how much they made for their efforts).
Nintendo is specifically looking for system vulnerabilities in these areas:
Privilege escalation from userland
ARM® TrustZone® takeover
Userland takeover (for applications)
If you find a new vulnerability worthy of reporting, Nintendo will reward you after it has fixed the problem or within four months of receiving the report.
Other companies in the tech world offer similar programs that have seen successful bug hunters earning huge chunks of money, including Google and Facebook. This kind of crowdsourced flaw-hunting allows tech companies to get extra eyes on their hardware and software, bringing in people who may notice bugs that companies’ own security teams miss.