Microsoft Will Pay You Rs 76 Lakh If You Can Hack Their Linux-Based Operating System
Azure Sphere basically consists of a custom Linux kernel and OS which is paired with a microcontroller as well as a cloud-based security service that¡¯s responsible for safeguarding IoT devices.
Microsoft has just announced that it will pay any hacker $100,000 if he/she can breach into its Azure Sphere operating system.
In case you didn¡¯t know, Azure Sphere is an IoT (Internet of Things) OS based on Linux that is designed to be run on smart devices like smart refrigerators, smart speakers etc.
These IoT devices have been surrounded by security concerns, many of them are easy to be hacked into that allows a hacker to gain full control over the device¡¯s hardware. However, Microsoft claims that its approach is unbreachable and is challenging hackers to take a spin at it.
Microsoft Azure Sphere basically consists of a custom Linux kernel and OS which is paired with a microcontroller as well as a cloud-based security service that¡¯s responsible for safeguarding IoT devices.
Now Microsoft wants to let hackers probe the OS to look for critical vulnerabilities in order to make it more secure.
Microsoft says in a statement, "By expanding the Azure Security Lab, we're providing more content and resources to better arm security researchers with the tools needed to research high-impact vulnerabilities in the cloud."
This challenge is essentially an extension of the Azure Security Lab that was announced at Black Hat last year, offering rewards up to $40,000.
The current challenge has a duration of three months and they¡¯re looking for researchers who can execute code on Azure Pluton and Azure Secure World.
The Azure Sphere platform includes two sections -- a Normal World which is similar to Linux¡¯s user mode and a Secure World (supervisor mode) which is sitting under Microsoft¡¯s own Linux kernel. This is also the place where Microsoft¡¯s Security Monitor runs. Microsoft has also made it clear that only Microsoft-supplied code can run in Secure World.
In case hackers are able to find vulnerabilities outside the challenge parameters, they could be eligible for an award under the Azure Bounty Program. To help hackers, it is going to provide Microsoft products and services.