Switch Security Flaws can Earn you Cash

In what is starting to become a trend Nintendo has offered a bounty to anyone who can find Switch security flaws. If you’re lucky enough to have snagged a Switch and fancy yourself a hacker extraordinaire then you could soon be quids in.

The Money

If you are up to the task then you are going to want to know the specifics. As you would expect you will only gain the bounty if you are the first person to report it to Nintendo. Reward amounts depend on how exploitable the Switch security flaw is and how serious the implications could be. Bounties start at $100 but will go up to a cool $20,000 for a catastrophic flaw.

Switch security flaws - dashboard screenshot
Time to pay attention
How do I…?

Nintendo already run a similar policy for the 3DS. Both systems run bounties through Hacker One. This site is frequented by a few of the major games companies so is worth keeping an eye on if you have the skills.

They Already Have

The clock is well and truly running as the scheme has been running since late 2016. Three informants have already been paid undisclosed amounts for their work. Additionally several people have been credited with bounties in the last day.


Below is a list straight from Nintendo of the Switch security issues they are interested in.

  • Piracy, including:
    • Game application dumping
    • Copied game application execution
  • Cheating, including:
    • Game application modification
    • Save data modification
  • Dissemination of inappropriate content to children

Below are examples of vulnerabilities that Nintendo is interested in receiving information about:

  • System vulnerabilities regarding Nintendo Switch
    • Privilege escalation from userland
    • Kernel takeover
    • ARM® TrustZone® takeover
  • Vulnerabilities regarding Nintendo-published applications for Nintendo Switch
    • Userland takeover
  • System vulnerabilities regarding the Nintendo 3DS family of systems
    • Privilege escalation on ARM® ARM11™ userland
    • ARM11 kernel takeover
    • ARM® ARM9™ userland takeover
    • ARM9 kernel takeover
  • Vulnerabilities regarding Nintendo-published applications for the Nintendo 3DS family of systems
    • ARM11 userland takeover that doesn’t require other hacks or tools (“secondary” exploits would be those that require other hacks or tools to be effective; those would be out of scope for this program)
    • Hardware vulnerabilities regarding either the Nintendo Switch system or the Nintendo 3DS™ family of systems
  • Low-cost cloning
  • Security key detection via information leaks