Microsoft offers $200K in Azure Sphere hacking challenge
- 06 May, 2020 16:43
Microsoft has revealed a new security research challenge for its Azure Sphere platform, offering key bounties totalling US$200,000.
Targeted towards finding flaws in the Sphere's operating system, the Azure Sphere Security Research Challenge is set to run from 1 June to 31 August.
On offer are two key bounties, referred to as scenarios, worth US$100,000 each for hackers that can execute code on the solution's Pluton security subsystem and its Secure World operating environment.
“While Azure Sphere implements security upfront and by default, Microsoft recognises security is not a one-and-done event,” a blog post published by the Microsoft Security Response Centre noted. “Risks need to be mitigated consistently over the lifetime of a constantly growing array of devices and services.”
Meanwhile, vulnerabilities found outside of the research initiative scope may be eligible for public Azure Bounty Program awards, which range from US$500 up to US$40,000, with bonuses of 20 per cent and 10 per cent for critical- and important-rated vulnerabilities, respectively.
Physical attacks are considered to be out of scope for both the challenge and the public Azure Bounty Program.
Entrants will also get access to the Azure Sphere development kit, product documentation as well as direct communication channels with Microsoft to assist them during the length of the challenge.
Entry into the challenge via application is open now until 15 May.
The Azure Sphere Security Research Challenge is an expansion to the Azure Security Lab, first announced in August 2019 at the Black Hat 2019 conference, which featured a payout of up to US$300,000, as reported by sister publication CSO, and was focused on emulating criminal hackers in a customer-safe cloud environment.