Revoke or disable a tenanted Azure Sphere device

bill chadwick 136 Reputation points
2020-11-27T08:51:48.357+00:00

Revocation might be needed for example to prevent sensor data spoofing from a stolen device or perhaps following in-field device replacement (old device to be deactivated) etc.

How could an individual Sphere Device be 'revoked'?

How quickly could such a revocation be done?

What is the best way to do this? Is there perhaps discussion about this in a document somewhere?

Thanks

Azure Sphere
An Azure internet of things security solution including hardware, operating system, and cloud components.

Accepted answer
  1. QuantumCache 20,261 Reputation points
    2020-12-01T00:05:32.257+00:00

    Hello @bill chadwick Thanks for posting this great question!

    There is no way to revoke a device, as a device is associated with a tenant on a permanent basis. The built-in security of Azure Sphere protects the devices from theft or other online attack vectors as described in the 7 properties of highly secured devices (see below).

    Azure Sphere and the seven properties of highly secured devices

    Updated: 12/03/2020 PDT. Reason: Correction of previous incorrect verbiage.

    In my previous response, I may have inadvertently implied that disabling a device is possible by moving it to a device group and disabling updates. What I meant was that you can isolate a device from receiving updates but it will continue to authenticate and send data. My sincere apologies for any confusion this may have caused.

    I have created a uservoice request on your behalf to track the disabling of the device as a feature request. Please let me know if you have further questions and I am happy to assist you. Thank you!

    You might have already watched this video, which gives info about Azure Sphere: Defense in depth for IoT devices. The particular timestamp discusses that Azure Sphere checks not only OS-level security but also whether the application/developer-side code meets the basic guidelines to make it secure all round.

    I also suggest commenting on your scenario on this similar product user-voice/feedback page link.

    Please comment below on how we can further help you in this matter or please share your thoughts on this matter.


1 additional answer

  1. neo xiong 11 Reputation points
    2020-12-04T04:18:27.757+00:00

    Hello,

    Interesting topic, and I want to understand more about your case and give some comments.

    Previous conversation was focusing on how AS3 should disable a device, but AS3 actually is not doing anything harmful. If a device passes device authentication and attestation, it just receives a new valid cert.

    What I'm thinking is maybe the user should block this device from IoT Hub or whatever solution backend they use. The device ID is the unique identifier of the Azure Sphere chip.

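One way to apply the backend-side block suggested in the answer above, as an added example that is not code from this thread or from any Azure SDK. The `BackendBlocklist` class, the 128-hex-character device ID format and the sample IDs are assumptions; times are the backend's own receive time, not a timestamp supplied by the device.

```python
import re
from datetime import datetime, timezone

# Assumption: an Azure Sphere device ID is a 128-character hex string.
DEVICE_ID_RE = re.compile(r"[0-9a-f]{128}")

def normalize_device_id(raw):
    """Lower-case and validate an ID so upper- and lower-case forms match one entry."""
    dev = raw.strip().lower()
    if not DEVICE_ID_RE.fullmatch(dev):
        raise ValueError("not a 128-hex-character device ID")
    return dev

class BackendBlocklist:
    """Hypothetical ingestion gate: device ID -> time it stopped being trusted."""
    def __init__(self):
        self._blocked = {}

    def block(self, device_id, effective_from):
        dev = normalize_device_id(device_id)
        prev = self._blocked.get(dev)
        # Keep the earliest cut-off if the same device is reported twice.
        self._blocked[dev] = effective_from if prev is None else min(prev, effective_from)

    def accept(self, device_id, received_at):
        """True if a message received at received_at should be ingested."""
        try:
            dev = normalize_device_id(device_id)
        except ValueError:
            return False  # fail closed on malformed identifiers
        cutoff = self._blocked.get(dev)
        return cutoff is None or received_at < cutoff

# Constructed sample IDs, not real devices.
STOLEN = "AB" * 64   # as an operator might paste it, upper case
HEALTHY = "cd" * 64

def demo():
    bl = BackendBlocklist()
    bl.block(STOLEN, datetime(2020, 11, 27, 8, 0, tzinfo=timezone.utc))
    before = datetime(2020, 11, 26, 12, 0, tzinfo=timezone.utc)
    after = datetime(2020, 11, 27, 9, 0, tzinfo=timezone.utc)
    return [
        bl.accept(STOLEN.lower(), before),  # data from before the cut-off stays trusted
        bl.accept(STOLEN.lower(), after),   # blocked despite valid device authentication
        bl.accept(HEALTHY, after),          # other devices are unaffected
        bl.accept("not-an-id", after),      # malformed ID is rejected
    ]
```

Because the device still authenticates and receives certificates, this gate has to sit in front of every consumer of its telemetry; how fast a block takes effect is then bounded by how fast the list reaches those consumers.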