Lilith Wyatt

Talk Title:

An Azure Sphere Security Breakdown

Abstract:

The Azure Sphere IoT platform is Microsoft's ambitious answer to IoT Security, and includes a number of lightweight security features inside its custom SoC and patched Linux kernel. Previously simple tasks like connecting to an arbitrary IP or running non-rop shellcode have been locked down and now require their own distinct vulnerabilities to perform.

On May 15th, 2020, Microsoft kicked off the (Azure Sphere Security Research Challenge), a three month bug hunt on the Azure Sphere platform. Among the teams and individuals selected, we (Cisco Talos) conducted a three-month sprint of research into the platform and submitted 16 vulnerabilities of various severity, including a privilege escalation chain to acquire Azure Sphere Capabilities (the most valuable Linux normal world permissions in the Azure Sphere context) by installing an app.

Bio:

Lilith Wyatt is a Senior Research Engineer with the Cisco Talos Vulndev Team, and is tasked with finding 0-day vulnerabilities in third party products. Her focus is usually in IoT devices and networking, and has found vulnerabilities in targets such as Vmware, Azure Sphere, and the Google Nestcam IQ. Before Talos, Lilith assembled burgers at McDonald's, trained to be a boxer while unemployed, and crafted pizzas for minimum wage.