Nintendo Hackers: $20,000 Bug Bounties Aren't Going to Stop Piracy

Megalith

Nintendo recently announced “Hacker One,” a bug bounty program that would pay big bucks to anyone who managed to crack the Switch and other hardware systems, but current players do not believe this will make a dent in piracy in any way. Console hackers claim that they are simply passionate about the challenge of breaking security, and that it’s really about fun and enjoyment instead of money. They note that Nintendo’s move has one obvious effect, though: hackers will now be even less likely to share their findings with others.

"I don't think I'll ever participate under the current rules, as they require that the finder never disclose his or her findings publicly," said Rabet. "I feel like my work has more value published than not. That said, I respect what Nintendo is doing, and I typically do not release exploits using critical vulnerabilities until after they've been patched. In that sense, I wouldn't be opposed to entering the bounty if I could retain the right to do whatever I want with the vulnerability details after the fact. Currently, however, that doesn't seem possible."
 
The problem, as I see it, is that the person talked to assumed that Nintendo will actually fix any exploit found, instead of just holding onto it to see if more people find the same exploit, and then, depending on how many people locate that exploit, beancounters will decide if it's worth fixing.
 
Honestly, it's a smart move on Nintendo's part. It sort of removes the collaboration part of the hacker collective. The hardest part for Nintendo is there are maybe several hundred smart hackers freely working the problem together. With the bounty system the group of hackers will tend to shrink into smaller subgroups with an anti-collaborative "just in case" attitude should they want to send it towards Nintendo for a payday later. That will slow down the task due to secrecy, with the very real possibility of poisoning the collective through greed.
 
Especially with Nintendo's rather vicious take on intellectual property, sometimes backward and often restrictive (some would say, exploitative) business models, and other elements, I think much of the hacking community won't be swayed, especially for what is a relatively paltry sum. Let's not forget that the Cemu WiiU emulator (like Dolphin before it) makes over 20,000 PER MONTH in Patreon contributions from supporters. Not to mention of course that the fun of it is another primary motivation, but in past generations some hackers refused to make piracy as easy on their mods for Wii / WiiU homebrew and were still treated as the enemy by Nintendo, so being burned can't make them more sympathetic either. This is to say nothing of professional grey-market entities (i.e. Taiwan or China based mod chip/card manufacturers like the Gateway3DS, and Amiibo "emulator" disk "N2"). Piracy will happen no matter what and some users will always want to hack, customize and use their systems as they wish - even if it doesn't include piracy - so Nintendo would do better to focus on other elements. Bug bounties are great, but focusing on piracy primarily instead of simply overall experience is a poor focus and misguided.
 
20K is the maximum value they would pay. Minimum is $100.

Any guesses as to how many will actually receive the maximum, or anywhere near it?
 
"Our new Constitution is now established, and has an appearance that promises permanency; but in this world nothing can be said to be certain, except death, taxes, and piracy."

-Benjamin Franklin

^True story.
 
I think if anyone is smart enough to hack any system, they have probably had a hand (or will in the future) in hacking other systems. When these people release exploits, they don't want to be known. If they are, they get ass-raped by the legal system (e.g. geohotz). The most successful hackers are the ones who stay unknown. Hell, c4eva of Xbox hacking fame (did anyone ever figure out who he was?) worked M$ to death over the Xbox 360 firmware hacks. His efforts had them completely revise their disc format, require firmware flash of the drives in their consoles (to extract topology data and read "overburned" discs), and still didn't stop the exploits.

I can't see why anyone who is up to the task would settle to tell Nintendo about it for a paltry sum of cash (compared to what they could make), open themselves up to scrutiny, and potentially be "watched" by Nintendo and their associates for the rest of their lives...
 
People who crack Nintendo systems usually do it because they are fans and want to do stuff with the system... not to make a few bucks debugging for Nintendo.
 