A new Microsoft bounty program is turning the heads of hackers worldwide as the tech giant has thrown down an open challenge!
When it comes to any technology-related products or services, security is of paramount importance these days. This is why, in a bid to make the technological front of Azure Sphere more secure, Microsoft has recently announced an interesting proposition.
A whopping $100,000 is now up for grabs for researchers and hackers from anywhere around the world who can successfully crack the elements of the tech giant’s custom-built Linux operating system for IoT (Internet of Things) devices.
Two years ago, in 2018, the Redmond, Washington-based tech behemoth Microsoft launched Azure Sphere, a high-level application platform with built-in communication and security features for internet-connected devices. It helps update, control, monitor, and maintain all kinds of IoT devices remotely.
Azure Sphere’s operating system combines many elements of built-in hardware and software security which have been specifically designed to make it incredibly resilient against cyber attacks such as spoofing, DDoS and more. Two elements of the Azure Sphere platform which are key to its security are Pluton and Secure World.
Pluton, to protect the platform against tampering, acts as a security subsystem which generates cryptographic keys and monitors the digital signatures of network elements. Secure World, on the other hand, executes Microsoft security code and is part of Microsoft’s operating environment for applications which run on Azure Sphere devices.
The tech giant has said that it is going to offer the $100,000 to researchers who are able to execute code in either of the two elements, Pluton or Secure World.
Sylvie Liu, the security program manager for Microsoft Security Response Center, said in a statement that the company recognizes very well that security isn’t a ‘one-and-done’ event, even though its platform Azure Sphere tends to implement security upfront and by default.
She further elaborated by saying that as more devices and services keep getting added on the platform, the risks involved increase as well. This is why those risks need to be consistently mitigated.
This new Microsoft bounty program has been named the ‘Azure Sphere Security Research Challenge’ and it is an expansion of Microsoft’s Azure Security Lab, which was announced at Black Hat in August of the previous year, 2019. Microsoft’s Azure Security Lab is a dedicated set of cloud environments for security researchers to test for vulnerabilities in the Azure platform.
She also mentioned that Microsoft wants to take a holistic approach by letting the entire research community look for high-impact vulnerabilities in the platform before people with malicious intent find them.
This is an application-only security research challenge that runs for three months only. It will also offer special bounty awards and provide researchers with additional resources to further help their efforts.
According to Liu, vulnerabilities found in Microsoft Azure’s cloud portion will be eligible for the Azure Bounty Program Awards, as the challenge is focused only on the Azure Sphere OS.
Those who are interested in participating in this challenge can submit their applications by 15 May 2020, after which the challenge will commence on 1 June and end on 31 August.
This is not the first time a bounty program by Microsoft has attracted the attention of hackers and researchers. Last year, Microsoft revealed that the company paid $4.4 million in bug bounties to hackers in 12 months.
In October 2013 as well, the company paid a whopping $100,000 to hackers for finding security vulnerabilities in the Windows operating system.
Offering bounties to hackers is nothing new for tech giants nowadays. Companies have been actively employing such strategies to iron out any technical issues or vulnerabilities that could escape the eyes of their own department or could only crop up once the solution is used by a sizeable number of real users. Facebook, Google and Apple, the other big 3 of the tech industry, spend millions of dollars in bounty programs as a reward to deserving hackers every year.
Now, while the security landscape constantly changes with emerging technology and security threats, it remains to be seen what the participating researchers will be able to dig up during this challenge. We will keep you posted. Until then, stay tuned.