Microsoft’s chip push continues with Azure Sphere: Securing gadgets with chips and Linux
Announcing MediaTek as a chip vendor suggests Microsoft's Azure Sphere means business.
By Mark Hachman
PCWorld | Apr 16, 2018 6:40 pm PDT
Microsoft continued its unexpected push into the chip business by announcing “Azure Sphere,” combining a chip design, a cloud security service, and even a Linux (!) kernel to better secure billions of IoT devices around the world.
In 2016, Microsoft announced that it had co-designed an FPGA, a specific type of programmable chip that would enhance the intelligence of its cloud servers. Although Microsoft engineers had undoubtedly influenced the designs of various components, from mice to the Xbox, the FPGA was the first instance we know of where Microsoft claimed ownership of a chip. Now there’s a second: The Azure Sphere includes a fixed-function microcontroller (MCU) that Microsoft is licensing, royalty-free, to whoever wants it.
The Azure Sphere chip, according to Microsoft president Brad Smith, will be built by and ship from MediaTek in 2018. “More hardware will follow,” he added. Smith did not disclose any details about the Azure Sphere chip, merely claiming that it would be “five times” as powerful as those on the market today. He did not comment on the chip’s architecture, but said only that its design would have networking functionality built in.
Microsoft published more details about the Azure Sphere chip on a separate page, though, saying that it “combines the versatility and power of an [ARM] Cortex-A processor with the low overhead and real-time guarantees of a [ARM] Cortex-M class processor.” Its built-in Pluton security system creates a hardware root of trust, stores private keys, and executes complex cryptographic operations, the page says. MediaTek calls its chip the MT3620 and has published more details of the 500 MHz chip.
What this means for you: Microsoft already provides security solutions for 90 percent of the Fortune 500 corporations, Smith said, and Microsoft clearly wants to widen its reach. The inevitable conclusion, of course, is that a connected gadget will have to be considered as yet another vulnerable hole into your household, one that will have to be patched and updated as conditions require.
A one-stop security shop for connected devices
The idea, Smith said, is a “need to build security from the chip all the way up to the cloud.” Azure Sphere is an end-to-end security solution for the emerging market of 9 billion or so IoT products shipped this year. Many won’t be connected, but that’s changing, he said at a presentation at the RSA Security conference in San Francisco.
In 2016, for example, the Mirai malware took down hundreds of thousands of connected IoT devices, transforming them into a botnet that attacked security researcher Brian Krebs. Other IoT attacks have included reports of baby monitors being hacked. Azure Sphere would recognize and quash attacks of that sort before they could sprout, grow, and spread.
Microsoft already develops sophisticated software and services to protect PCs and enterprise services, some of which Microsoft said it had improved. Microsoft now provides automated tools for IT admins to “phish” employees with fake emails, called Attack Simulator, and a Secure Score tool quickly assesses the state of the enterprise’s security. But Smith said that Microsoft drew upon many different aspects of its business to come up with the Azure Sphere solution.
Chances are that consumers won’t directly experience Azure Sphere, in the sense that it won’t be a product that consumers will be asked to configure. What’s surprising, though, is that Microsoft decided to ditch its own IoT efforts and simply write a custom Linux kernel that will power the initiative. An Azure Sphere security service will round out the solution.
“Microsoft is a multi-platform company, and has been for years,” a company representative said in a statement, explaining the choice of Linux over Microsoft’s existing Windows 10 IoT OS. “We chose Linux as the OS for two primary reasons: 1) the size of the OS footprint and 2) needs of our silicon partner ecosystem. The custom Linux kernel found in Azure Sphere has been optimized for an IoT environment and shared under an OSS license so that silicon partners can rapidly enable new silicon innovations.”
“The best solution for a computer of this size is not a full-blown version of Windows,” Smith said during the presentation, noting that it was Microsoft’s first custom Linux kernel in its 43-year history.
In all, Smith said, Azure Sphere represents a solution that “really no company has done before.”
Updated at 12:19 PM on April 17 to clarify Microsoft’s statement.