MCV/DEVELOP News, events, research and jobs from the games industry
Hackers who can unearth Switch software vulnerabilities could land themselves a cash reward from Nintendo.
Nintendo kicked off its HackerOne scheme last year last year. It offered payouts of up to $20k for anyone who could successfully identify security issues and vulnerabilities with the 3DS. Piracy, cheating and save modding were the primary focus.
Payments were up for grabs to those who first reported any confirmed problem. How the reward total would be calculated was never revealed.
"A report is evaluated to be high quality if you show that the vulnerability is exploitable by providing a proof of concept (functional exploit code is even better)," Nintendo said at the time. "If you don’t yet have a proof of concept, or functional exploit code, we still encourage you to report to us sooner rather than later. The reward will be paid after the vulnerability has been fixed by Nintendo."
Now Gamasutra reports that HackerOne has been expanded to include the Switch. Contributors have been asked to hunt out both hardware issues and any vulnerabilities relating to Nintendo software.
It adds that three people have to date successfully claimed a HackerOne reward, although the details of what they unearthed remain a mystery.
Hackers claimed an early Switch victory just a week after the console was launched. An old technique used by iOS jailbreakers provided the breakthrough. Jailbreaking is the name of the process through which iPhones and iPads are liberated from Apple’s restrictions. Once jailbroken, an iPhone can run custom code or – most worrying – pirated games and software.
While Switch does not have a web browser, it does use Apple’s webkit for the rendering of web pages. This is used when games link to Facebook or Twitter, for instance. And it’s the presence of this code that allowed hackers to use existing jailbreak techniques to insert custom code onto Nintendo’s machine.
Oddly the exploit that has worked with Switch was one that Apple patched out of iOS some time ago, suggesting that Nintendo has used old code.
