Microsoft has opened its arms to hackers and is inviting them to prod the security of Azure Sphere to find flaws. As part of the Azure Sphere Research Challenge, the company will offer researchers rewards of up to $100,000 if they find dangerous exploits in the open-source service.
Sphere is based on Linux designed to enhance security around Internet of Things (IoT) devices. Azure Sphere is comprised of Microsoft microcontrollers alongside Sphere Linux-based OS and a Sphere cloud security service.
Microsoft rolled out Sphere in February and now wants hackers to put it to the test. With the Azure Sphere Research Challenge, researchers will have three months and is available for researchers working on Azure Secure World and Azure Pluton.
“This new research challenge aims to spark new high impact security research in Azure Sphere, a comprehensive IoT security solution delivering end to end security across hardware, OS and the cloud. While Azure Sphere implements security upfront and by default, Microsoft recognizes security is not a one-and-done event. Risks need to be mitigated consistently over the lifetime of a constantly growing array of devices and services.”
Microsoft is asking researchers to register to take part in the challenge before May 15. For approved hackers, Microsoft will supply the Azure Sphere development kit, product documentation, and communication channels to Microsoft support.
“By expanding the Azure Security Lab, we're providing more content and resources to better arm security researchers with the tools needed to research high-impact vulnerabilities in the cloud,” Microsoft notes.
Microsoft points out any security bugs found by researchers not registered will not be counted for the $100,000 reward. However, those bugs and vulnerabilities will be eligible to the company's public Azure Bounty Program.
This Azure Sphere Research Challenge will operate from June 1, 2020 through August 31, 2020.