Microsoft offers hackers $100K to break Azure Sphere
Microsoft announces $100,000 bounty for exposing vulnerabilities in Azure Sphere
Microsoft recently launched the Azure Sphere Research Challenge, offering approved security researchers up to a $100,000 reward for identifying dangerous exploits that could potentially impact the security of Azure Sphere, the company’s Linux-based platform for IoT devices.
Azure Sphere became available to users in February 2020, and Microsoft is now ready to hand the reins to select hackers and allow them to probe it for vulnerabilities. The Azure Sphere Research Challenge is in addition to Microsoft’s current Azure Security Lab initiative, which Microsoft announced at Black Hat in August 2019.
The new Azure Sphere Research Challenge is a three-month event that could provide hackers a hefty $100,000 bounty. To earn the six-figure reward, researchers must successfully execute code on Azure Pluton or Azure Secure World.
To participate in the challenge, individuals must submit an application to Microsoft before May 15, 2020. Microsoft will review applications each week and notify those who’ve been accepted via email.
Microsoft will supply approved hackers with an Azure Sphere development kit, access to Microsoft products and services, Azure Sphere product documentation and direct communication with the Microsoft team.
"By expanding the Azure Security Lab, we're providing more content and resources to better arm security researchers with the tools needed to research high-impact vulnerabilities in the cloud," Microsoft noted in the announcement.
Microsoft is also tapping security firms, such as Avira, Baidu International Technology, Bitdefender, Bugcrowd, Cisco's Talos team, ESET, FireEye, F-Secure Corporation, HackerOne, K7 Computing, McAfee, Palo Alto Networks and Zscaler to participate.
Microsoft’s Azure Sphere Research Challenge will run from June 1, 2020, through Aug. 31, 2020