In its recent blog post, Microsoft announced a bug bounty program, offering up to $100,000 to hackers who will manage to break the security of the company’s custom Linux-based OS called Azure Sphere, an operating system focused on the Internet of Things.
The challenge is dubbed Azure Sphere Security Research Challenge and is an extension of the Azure Security Lab that was announced last year.
The new challenge is aimed at researching and finding high-impact vulnerabilities in Azure Sphere in order to test its security. Anyone who will be able to get Secure World sandbox or Pluton security subsystem breached will get a reward of $100,000.
Azure Sphere is an IoT security solution that was developed for tech giant’s IoT platform and announced last year at Build developer conference. It delivers end to end security across OS, hardware, and the cloud, and ensures that basic applications and services run isolated in a sandbox for better security. Nowadays, the OS is used by businesses like Starbucks to secure the store equipment.
The challenge will last three months from June 1 until August 31. Those who want to apply for the program need to submit their applications before May 15, 2020. Accepted security researchers will get a notification about their participation in an email.
“We will award up to $100,000 bounty for specific scenarios in the Azure Sphere Security Research Challenge during the program period,” states the blog post.
Thus, the challenge focuses on the Azure Sphere OS, not the underlying cloud portion or physical attacks.
To help and support security researchers, Azure Sphere Security Research Challenge provides some resources:
- Azure Sphere development kit (DevKit)
- Access to Microsoft products and services for research purposes
- Azure Sphere product documentation
- Direct communication channels with the Microsoft team