Last year, Nintendo debutted its HackerOne program that involved giving a bounty of range of $100 - $20,000 to hackers that disclose their system exploits and vulnerabilities for the 3DS. Everyone thought it wouldn't work out for Nintendo, but just around last month the program was extended to include the Nintendo Switch too.

Just recently as you can see in the picture, three people were rewarded so far, however the amounts paid will not be made public. It seems as if a few hackers wouldn't mind giving out their newfound exploits for some easy cash, hopefully for the sake of the Switch hacking scene, it isn't the same with our own resident hackers.

A few examples of what information Nintendo is interested in receiving:

• System vulnerabilities regarding Nintendo Switch
  • Privilege escalation from userland
  • Kernel takeover
  • ARM® TrustZone® takeover
• Vulnerabilities regarding Nintendo-published applications for Nintendo Switch
  • Userland takeover
• System vulnerabilities regarding the Nintendo 3DS family of systems
  • Privilege escalation on ARM® ARM11™ userland
  • ARM11 kernel takeover
  • ARM® ARM9™ userland takeover
  • ARM9 kernel takeover

Source

 

[proflayton123]

Lmao ew those people..

 

[Jiehfeng]

Lmao ew those people..

It's basically a wall of shame. Can't wait to see familiar usernames, though for their sake they might choose something else to hide from the crowd.

 

[retrofan_k]

One word "Traitors". Nah, but if there is money on the table, it's easy to take the bait.

Personally, if I was a dev, I wouldn't disclose my findings, etc, as I would be doing it for fun and a hobby like I do with exploiting and modding consoles, as a end user with what the scene provides.

Just goes to show Nintendo are not confident in their own technical department and have to rely on the public for help.

 

[Bladexdsl]

welp there goes the browser exploit

 

[the_randomizer]

I can't say I'm surprised, but hey, money speaks louder than actions, bribery always works

 

[Joom]

Just goes to show Nintendo are not confident in their own technical department and have to rely on the public for help.

You do know that they're not the only company with a bug bounty, right? Also, stuff like this is great for resumes, which apparently a lot of you can't comprehend. Wait until you have a mortgage and a family, or even school debt, and you want your skills to be recognized by someone that can put you on a decent career path.

 

[marksteele]

it should be interesting if this changes how "hobby hackers" (people not in it for the money) release their work. I know the mentality right now is "save it for as many firmware versions as possible" but if the bug bounty program starts to take off I don't know if that will be viable anymore.

 

[Rudy69]

This is probably why the kernel exploit is patched in the new update

 

[anhminh]

I hate snitch, they make me sick.

 

[DinohScene]

I hate snitch, they make me sick.

Those aren't snitches.
Their white hats who hack to expose security problems which will later benefit everyone.

You wouldn't mind your bank getting hacked by a white hat if it means your money would be stored more securely do you now?

 

[the_randomizer]

I hate snitch, they make me sick.

Except, they're not, but okay.

 

[Alkéryn]

When i finally get the switch should i or should i not sell my expluts xD

 

[Joom]

When i finally get the switch should i or should i not sell my expluts xD

You have to weigh the benefits of monetary gain and the admiration of teenagers. Honestly, if anyone feels conflicted about doing either, then posting a write up for someone else to interpret and create a POC around that might be better for your conscience.

 

[Alkéryn]

You have to weigh the benefits of monetary gain and the admiration of teenagers. Honestly, if anyone feels conflicted about doing either, then posting a write up for someone else to interpret and create a POC around that might be better for your conscience.

Meh by the time i get my hands on the system it will already be hacked
I'm not against piracy but i won't support it either, don't want to have trouble with nintendo
But i would rather make an exploit public than giving it to Nintendo except if they would pay more than 20 000

 

[Taleweaver]

Jeez...I know this forum is the home of pirates and script kiddies, but the replies here are still pretty immature. Traitor...snitch...wall of shame...Say, geniusses: this isn't exactly helping that so-called "cause" of you. If you're really interested in what hackers do, at least have the fucking decency to recognize a job well done, even if it isn't in your own interest.

As it turns out, there were vulnerabilities found in the kernel, and they are now patched. So? Unless you're skilled enough to find vulnerabilities/exploits/hacks yourself, don't tell others what they should or shouldn't be doing with them. This isn't the first time this community turns out to be pretty much the opposite of what the word 'community' is supposed to be about (I've seen a good handful decent hackers being boo-ed for doing something else than openly releasing everything they had), but this may very well be the last time. No, not because "all the hackers turn out to be greedy bitches" but because the people they could release their exploits are hardly more than a bunch of ungrateful bastards.


(no, I haven't discovered exploits myself, and yes I've used some that others have released...but I'd be glad if talented hackers got something more than just the paper thin "gratefulness" that this community provides)

 

[xile6]

humm money for your hard work,
Or nothing...


id say most people would choice the money.

 

[Joom]

@Taleweaver, more importantly there will always be more provided there's interest. The way I feel is "so what?" because someone else will come along and release something that satiates the droolies.

 

[Reecey]

It's basically a wall of shame. Can't wait to see familiar usernames, though for their sake they might choose something else to hide from the crowd.

It is a wall of shame basically to many but not for some and I'm even surprised they post usernames etc..even though they are random nonsense and probably would never be traced! but hay I'm all for hacking etc.. but at a later date maybe, not at its birth and growing so early. I think its a good thing at this time too let the Switch develop and then homebrew at a much later date I think seeing hacking on a system this early would only spell out DOOM so I'm all for it, they have made the honest and right step forward by reporting, its good!. I don't want to see this system hacked for many years to come yet! well at least 3 years would be good else I would think Nintendo would hang up there gloves with the handheld/console department which would be very sad indeed for many.

 

[Deleted User]

Good. If white hat hackers didn't exist then we would even have hacked bank accounts.
You're overreacting, this isn't wall of shame but something to make security even better, so you will not get "Homebrew Installer" which turns out to be a bricker.