Microsoft puts up a $100,000 bounty for critical bugs affecting its Linux-based OS for Azure Sphere.

By

Liam Tung

| May 5, 2020 — 16:00 GMT (09:00 PDT)

| Topic: Security

Microsoft has launched the Azure Sphere Research Challenge, offering approved security researchers individual rewards of up to $100,000 for dangerous exploits that break the security of Azure Sphere, its Linux-based platform for internet-connected (IoT) devices.

Azure Sphere consists of a custom Linux kernel and OS, a connected microcontroller, and a cloud-based security service that ensures IoT devices like fridges and washing machines can be updated and maintained remotely with protections against denial-of-service attacks and rogue software updates. 

Azure Sphere reached general availability in February, and now Microsoft is ready to let select hackers probe its Linux-based OS for vulnerabilities. 

The Azure Sphere Research Challenge is an expansion of Azure Security Lab, announced at Black Hat in August 2019 with a top reward of $40,000. 

The duration of the new challenge is three months and offers the top reward of $100,000 to researchers who can execute code on Azure Pluton and Azure Secure World. 

The Azure Sphere application platform features Normal World, the Linux equivalent of user mode, and Secure World, which sits below Microsoft’s custom Linux kernel and is where the Security Monitor runs. Only Microsoft-supplied code can run in supervisor mode or in Secure World, Microsoft notes. 

Security bugs found outside the challenge’s scope, such as in the cloud portion of the Azure Sphere platform, could be granted awards under the public Azure Bounty Program. Physical attacks are out of the scope of both the challenge and the Azure Bounty Program. 

Microsoft will supply approved researchers an Azure Sphere development kit, access to Microsoft products and services for research purposes, Azure Sphere product documentation, and direct communication channels with the Microsoft team. 

“By expanding the Azure Security Lab, we’re providing more content and resources to better arm security researchers with the tools needed to research high-impact vulnerabilities in the cloud,” Microsoft notes. 

Microsoft is also tapping skills at several security firms with expertise in IoT security research, including Avira, Baidu International Technology, Bitdefender, Bugcrowd, Cisco’s Talos team, ESET, FireEye, F-Secure Corporation, HackerOne, K7 Computing, McAfee, Palo Alto Networks, and Zscaler. 

Researchers need to submit an application form to Microsoft before May 15, 2020. Microsoft will review applications each week and notify accepted researchers by email. 

The Azure Sphere application platform features Normal World, the Linux equivalent of user mode, and Secure World, which sits below Microsoft’s custom Linux kernel and is where the Security Monitor runs.

By

Liam Tung

| May 5, 2020 — 16:00 GMT (09:00 PDT)

| Topic: Security

By registering, you agree to the Terms of Use and acknowledge the data practices outlined in the Privacy Policy.

You will also receive a complimentary subscription to the ZDNet’s Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.

You agree to receive updates, alerts, and promotions from the CBS family of companies – including ZDNet’s Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe at any time.

By signing up, you agree to receive the selected newsletter(s) which you may unsubscribe from at any time. You also agree to the Terms of Use and acknowledge the data collection and usage practices outlined in our Privacy Policy.

© 2020 CBS Interactive. All rights reserved.
Privacy Policy |
Cookies |
Ad Choice |
Advertise |
Terms of Use |
Mobile User Agreement

Source: https://www.zdnet.com/article/microsoft-to-hackers-break-our-azure-sphere-linux-iot-os-and-earn-up-to-100k/

World news – GB – Microsoft to hackers: Break our Azure Sphere Linux IoT OS and earn up to $100k | ZDNet

En s’appuyant sur ses expertises dans les domaines du digital, des technologies et des process , CSS Engineering vous accompagne dans vos chantiers de transformation les plus ambitieux et vous aide à faire émerger de nouvelles idées, de nouvelles offres, de nouveaux modes de collaboration, de nouvelles manières de produire et de vendre.

CSS Engineering s’implique dans les projets de chaque client comme si c’était les siens. Nous croyons qu’une société de conseil devrait être plus que d’un conseiller. Nous nous mettons à la place de nos clients, pour aligner nos incitations à leurs objectifs, et collaborer pour débloquer le plein potentiel de leur entreprise. Cela établit des relations profondes et agréables.

Nos services:

  1. Création des sites web professionnels
  2. Hébergement web haute performance et illimité
  3. Vente et installation des caméras de vidéo surveillance
  4. Vente et installation des système de sécurité et d’alarme
  5. E-Marketing

Toutes nos réalisations ici https://www.css-engineering.com/en/works/

LEAVE A REPLY

Please enter your comment!
Please enter your name here