If this is your first time registering, please check your inbox for more information about the benefits of your Forbes account and what you can do next!
Microsoft chose Linux instead of Windows 10 to power an IoT security platform, and now it’s offering hackers $100,000 (£81,000) if they can break it.
For a start, this isn’t a challenge to hack into any old Linux OS. Instead, it’s a very specific Linux OS that Microsoft has in mind: one that powers its Internet-of-Things (IoT) end-to-end security platform.
The Azure Sphere operating system is a customized high-level and very compact Linux-based one, combined with a secure application environment for additional hardening. Throw this into a mix of hardware, software, and the inevitable cloud, and you get Microsoft’s IoT end-to-end security platform.
Azure Sphere is designed to help take much of the risk out of the IoT equation, and that’s why Microsoft has announced, May 5, a new phase in its Azure Sphere Security Research Challenge.
This new challenge will only run for a three-month period starting June 1. However, to apply to take part in the hacking bounty program, security researchers will need to submit their applications before May 15.
The 50 hackers who are accepted into the challenge pool will get all the resources they need to take on the scenario-based vulnerability discovery test. Resources that will include full access to the Azure Sphere development kit as well as to other Microsoft products and services that could be used during their research.
As part of the holistic approach to risk that Microsoft is adopting, it is hoped that the challenge will engage the security research hacking community to uncover any critical vulnerabilities that might otherwise go unnoticed.
Unnoticed, that is, until threat actors find and exploit them. Microsoft would hope that there are no such vulnerabilities that could enable the execution of code on the Pluton root of trust security subsystem for Azure Sphere, but if there are, then that could be $100,000 right there.
Find a vulnerability that would enable code execution on Secure World, situated below the custom Linux kernel, and where only Microsoft-supplied code should be able to run courtesy of the Security Monitor, and there’s another potential $100,000.
“Security is a team sport,” Sylvie Liu, the security program manager at the Microsoft Security Response Center, said, “and security researchers are so important to making technology as secure as possible.”
I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT
I’m a three-decade veteran technology journalist and have been a contributing editor at PC Pro magazine since the first issue in 1994. A three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro called ‘Threats to the Internet.’ In 2011 I was honored with the Enigma Award for a lifetime contribution to IT security journalism. Contact me in confidence at [email protected] if you have a story to reveal or research to share.
World news – US – Microsoft Offers $100,000 If You Can Hack This Linux Operating System