Researchers are to hack Azure Sphere OS in a 3 months prized contest organized by Microsoft.
Microsoft has offered to give ethical hackers the sum of $100,000 if they can successfully hack its custom-built OS for IoT devices. Azure Sphere, which serves as a customized platform for internet-connected devices, that can be controlled, updated, and remotely maintained was introduced by Microsoft in 2018.
The custom-built Linux Operating System is made up of some in-built hardware and software security components designed to withstand attacks such as DDoS, spoofing, and others while delivering automatic security fortification through Cloud, allowing basic services and programs run isolated in a sandbox for security purposes.
Secure World and Pluton components are vital to Azure Sphere's security platforms. Secure World is part of Microsoft's operating environment for applications that run on Azure Sphere devices for executing Microsoft security codes. However, Pluto operates as a security subsystem, generating cryptographic keys, and monitoring the digital signatures of network components to guard against tampering.
Microsoft Security Response Center’s Program Manager, Sylvie Liu said: “While Azure Sphere implements security upfront and by default, Microsoft recognizes security is not a one-and-done event. Furthermore, risks need to be mitigated consistently over the lifetime of a constantly growing array of devices and services.”
The research contest is centered on the Azure Sphere OS itself, and not the cloud section that is already up for Azure bounty program awards. Microsoft's quest is to seek for a group of security researchers to try and breach its Linux OS security. This contest is an expansion of Azure Security Lab, publicized at Black Hat in August 2019 in which a selected group of researchers were invited to battle it out in a safe cloud environment.
To apply and qualify for this research contest, your application form must be submitted before May 15, 2020. Applications are to be reviewed weekly and accepted researchers will be contacted via email. This research contest is to run from June 1, 2020, through August 31, 2020, for selected qualified applicants.