Microsoft offers bug hunters $100K to hack its Linux smart home software


The program is open to security researchers who apply by May 15.


James Martin/CNET

Microsoft wants Azure Sphere to be a really secure foundation for internet of things devices like webcams and garage doors, so it’s offering researchers up to $100,000 to find a way to break into the technology. Azure Sphere combines an approved processor with Microsoft’s own customized version of Linux called Sphere OS and a security service to detect problems and issue updates.

“We’re providing more content and resources to better arm security researchers with the tools needed to research high-impact vulnerabilities in the cloud,” said Sylvie Liu, a Microsoft security program manager, in a blog post this week. The program to find flaws in Azure Sphere OS is open to security researchers who apply by May 15, and those approved will get access to developer tools, Azure Sphere hardware and Microsoft researchers. They’ll have until Aug. 31 to find problems.

Bug bounties are a common way for companies to attract hackers to find security problems a software maker might not find on its own. Google, for example, offers up to $150,000 to anyone who demonstrates a way to crack a Chromebook from a website, and Apple offers up to $1 million for the most serious attacks. The bounties also help find problems that might otherwise be sold to intelligence services or criminals wanting to break into computers.

Security vulnerabilities are a particular problem with low-cost internet of things devices that may come from companies you’ve never heard of and that may get software updates rarely, if ever. But there are millions of them, making them a widespread problem. The massive Mirai botnet attack of 2015, which took over countless devices like security cameras, digital video recorders and network routers, showed the magnitude of the problem.

A decade ago under the leadership of former Chief Executive Steve Ballmer, it would have been unthinkable that Microsoft might distribute its own version of Linux, an offshoot of the Unix operating system family that’s built with the open-source principles Microsoft executives once called “un-American” and a “cancer.” But things have changed under the reign of today’s CEO, Satya Nadella. Linux is popular among many developers, and Microsoft now offers a version called the Windows Subsystem for Linux, or WSL 2.

Microsoft released its first version of Azure Sphere in February.
