Microsoft’s $100000 bounty challenge is a three-month bounty program of $100,000. The challenge is open to anyone who can hack its custom Linux OS. According, to The Verge Microsoft, has built a custom version of Linux for its Azure Sphere OS. This OS focuses on its IoT platform. The custom OS ensures that the apps and basic services run in a sandbox for security reasons.
The deadline for applying for the Microsoft’s $100000 bounty challenge is 15 May 2020. The program will run for a period of three months starting from 1st June 2020. “We will award up to $100,000 bounty for specific scenarios in the Azure Sphere Security Research Challenge during the program period,” explains Sylvie Liu, a security program manager at Microsoft’s Security Response Center. The hacker is expected to breach the security of the Pluton security subsystem which is “the hardware-based (in silicon) secured root of trust for Azure Sphere. It includes a security processor core, cryptographic engines, a hardware random number generator, public/private key generation, asymmetric and symmetric encryption, support for elliptic curve digital signature algorithm (ECDSA) verification for secured boot, and measured boot in silicon to support remote attestation with a cloud service, as well as various tampering counter-measures including an entropy detection unit,” as per Microsoft.
So, what are you waiting for. Apply for the challenge at the following link
The challenge is focused only on Azure Sphere OS and neither the physical attacks nor an attack on the underlying cloud portion is part of this challenge.
Microsoft’s Azure offers cloud services to organizations to meet their business requirements. With Azure, an organization can set up and manage applications on a global scale with a framework of their choice.