Azure Sphere security research: development mode

Published Nov 09 2021 10:10 AM 788 Views
Regular Visitor

Cisco Talos, a key partner in ongoing security research, recently published findings discovered in the development environment for Azure Sphere devices. After reviewing the findings on TALOS-2021-1341 and TALOS-2021-1344, Microsoft believes the approach described is implemented by design and does not present a security risk to customer production environments. These findings are unique to the development environment experience, which requires physical access to a device. Neither Cisco Talos nor Microsoft security experts have been able to reproduce the findings in the managed pre-production or production environments. We do not consider these particular findings to be vulnerabilities that affect customers with deployed devices at this time. Customers do not need to be concerned about devices in production: once a device moves from development mode to production mode, all applications are erased.

 

The Cisco Talos findings have value in describing the Azure Sphere system and in inspiring future researchers who may investigate this part of the system. We encourage their publication. As part of our dedicated processes for security assurance, we work with security researchers to help us uncover any potential vulnerabilities in our products and services. This partnership started with our Azure Sphere Security Research Challenge in 2020, in which Cisco Talos submitted the highest number of bounty-eligible cases. Cisco Talos has been an excellent partner and has continued to uncover vulnerabilities in Azure Sphere even since the conclusion of the Azure Sphere Security Research Challenge; vulnerabilities we’ve eagerly fixed and for which have issued CVEs.

 

Azure Sphere is a solution that combines hardware, a security-hardened operating system, and cloud-based security. The Azure Sphere pre-production and production environments are managed environments in which a device is subscribed to an application feed for which only signed OS and application updates are permitted to run on a device. Separate from these cloud environments, a device can only be claimed once to a tenant and only a developer with the right access privileges, such as admin or contributor, can put the device into development mode. When a device is unlocked for development, we do permit developers to exchange signature validation components in order to troubleshoot issues from expired packages or from future packages that would otherwise not pass validation. Devices can only be unlocked into development mode when physical access is available, and any changes would affect only that singular device. All applications—temporary or not—installed by the app developer are deleted upon reboot as a function of the OS itself when a device is reverted from development mode.

 

Microsoft and Azure Sphere continue to invest in the important work of security researchers such as Cisco Talos as part of our commitment to continually evaluating our security promise. Engaging with security researchers to uncover vulnerabilities is just one part of our holistic approach to cybersecurity: we continually assess our ability to help our customers manage risk and keep their businesses protected over time.

1 Comment
%3CLINGO-SUB%20id%3D%22lingo-sub-2928000%22%20slang%3D%22en-US%22%3EAzure%20Sphere%20security%20research%3A%20development%20mode%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2928000%22%20slang%3D%22en-US%22%3E%3CP%3ECisco%20Talos%2C%20a%20key%20partner%20in%20ongoing%20security%20research%2C%20recently%20published%20findings%20discovered%20in%20the%20development%20environment%20for%20Azure%20Sphere%20devices.%20After%20reviewing%20the%20findings%20on%20TALOS-2021-1341%20and%20TALOS-2021-1344%2C%20Microsoft%20believes%20the%20approach%20described%20is%20implemented%20by%20design%20and%20does%20not%20present%20a%20security%20risk%20to%20customer%20production%20environments.%20These%20findings%20are%20unique%20to%20the%20development%20environment%20experience%2C%20which%20requires%20physical%20access%20to%20a%20device.%20Neither%20Cisco%20Talos%20nor%20Microsoft%20security%20experts%20have%20been%20able%20to%20reproduce%20the%20findings%20in%20the%20managed%20pre-production%20or%20production%20environments.%20We%20do%20not%20consider%20these%20particular%20findings%20to%20be%20vulnerabilities%20that%20affect%20customers%20with%20deployed%20devices%20at%20this%20time.%20Customers%20do%20not%20need%20to%20be%20concerned%20about%20devices%20in%20production%3A%20once%20a%20device%20moves%20from%20development%20mode%20to%20production%20mode%2C%20all%20applications%20are%20erased.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20Cisco%20Talos%20findings%20have%20value%20in%20describing%20the%20Azure%20Sphere%20system%20and%20in%20inspiring%20future%20researchers%20who%20may%20investigate%20this%20part%20of%20the%20system.%20We%20encourage%20their%20publication.%20As%20part%20of%20our%20dedicated%20processes%20for%20security%20assurance%2C%20we%20work%20with%20security%20researchers%20to%20help%20us%20uncover%20any%20potential%20vulnerabilities%20in%20our%20products%20and%20services.%20This%20partnership%20started%20with%20our%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F10%2F06%2Fwhy-we-invite-security-researchers-to-hack-azure-sphere%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20Sphere%20Security%20Research%20Challenge%3C%2FA%3E%20in%202020%2C%20in%20which%20Cisco%20Talos%20submitted%20the%20highest%20number%20of%20bounty-eligible%20cases.%20Cisco%20Talos%20has%20been%20an%20excellent%20partner%20and%20has%20continued%20to%20uncover%20vulnerabilities%20in%20Azure%20Sphere%20even%20since%20the%20conclusion%20of%20the%20Azure%20Sphere%20Security%20Research%20Challenge%3B%20vulnerabilities%20we%E2%80%99ve%20eagerly%20fixed%20and%20for%20which%20have%20issued%20CVEs.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAzure%20Sphere%20is%20a%20solution%20that%20combines%20hardware%2C%20a%20security-hardened%20operating%20system%2C%20and%20cloud-based%20security.%20The%20Azure%20Sphere%20pre-production%20and%20production%20environments%20are%20managed%20environments%20in%20which%20a%20device%20is%20subscribed%20to%20an%20application%20feed%20for%20which%20only%20signed%20OS%20and%20application%20updates%20are%20permitted%20to%20run%20on%20a%20device.%20Separate%20from%20these%20cloud%20environments%2C%20a%20device%20can%20only%20be%20claimed%20once%20to%20a%20tenant%20and%20only%20a%20developer%20with%20the%20right%20access%20privileges%2C%20such%20as%20admin%20or%20contributor%2C%20can%20put%20the%20device%20into%20development%20mode.%20When%20a%20device%20is%20unlocked%20for%20development%2C%20we%20do%20permit%20developers%20to%20exchange%20signature%20validation%20components%20in%20order%20to%20troubleshoot%20issues%20from%20expired%20packages%20or%20from%20future%20packages%20that%20would%20otherwise%20not%20pass%20validation.%20Devices%20can%20only%20be%20unlocked%20into%20development%20mode%20when%20physical%20access%20is%20available%2C%20and%20any%20changes%20would%20affect%20only%20that%20singular%20device.%20All%20applications%E2%80%94temporary%20or%20not%E2%80%94installed%20by%20the%20app%20developer%20are%20deleted%20upon%20reboot%20as%20a%20function%20of%20the%20OS%20itself%20when%20a%20device%20is%20reverted%20from%20development%20mode.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EMicrosoft%20and%20Azure%20Sphere%20continue%20to%20invest%20in%20the%20important%20work%20of%20security%20researchers%20such%20as%20Cisco%20Talos%20as%20part%20of%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F04%2F28%2Fmanaging-risk-todays-iot-landscape-not-one-and-done%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eour%20commitment%20to%20continually%20evaluating%20our%20security%20promise%3C%2FA%3E.%20Engaging%20with%20security%20researchers%20to%20uncover%20vulnerabilities%20is%20just%20one%20part%20of%20our%20holistic%20approach%20to%20cybersecurity%3A%20we%20continually%20assess%20our%20ability%20to%20help%20our%20customers%20manage%20risk%20and%20keep%20their%20businesses%20protected%20over%20time.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2928000%22%20slang%3D%22en-US%22%3E%3CP%3ESecurity%20researcher%20Cisco%20Talos%20recently%20published%20findings%20regarding%20Azure%20Sphere%20development%20mode%20and%20its%20unique%20permissions%20and%20security%20designs.%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22PreviewImage%20(1).png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F324271i73F4B635FA9468EA%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22PreviewImage%20(1).png%22%20alt%3D%22PreviewImage%20(1).png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2928000%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20IoT%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Sphere%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EInternet%20of%20Things%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIoT%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMicrosoft%20IoT%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3018417%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Sphere%20security%20research%3A%20development%20mode%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3018417%22%20slang%3D%22en-US%22%3E%3CP%3EI%20wonder%20how%20many%20of%20those%20exploits%20were%20caused%20by%20using%20C%20as%20the%20Azure%20Sphere%20programming%20language%2C%20in%20spite%20of%20the%20security%20speech%20and%26nbsp%3B%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3EMicrosoft%20Security%3C%2FEM%3E%3CSPAN%3E%26nbsp%3BResponse%26nbsp%3B%3C%2FSPAN%3E%3CEM%3ECenter%3C%2FEM%3E%3CSPAN%3E%26nbsp%3Bsuggestions%20in%20safe%20systems%20programming.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmsrc-blog.microsoft.com%2F2019%2F07%2F16%2Fa-proactive-approach-to-more-secure-code%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmsrc-blog.microsoft.com%2F2019%2F07%2F16%2Fa-proactive-approach-to-more-secure-code%2F%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Nov 11 2021 10:39 AM
Updated by: