Microsoft hopes its Project Sopris initiative will help to secure low-cost IoT devices which have proven to have inherent weaknesses.
Sopris is the name Microsoft has given to an initiative which targets microcontrollers as they represent “a class of device particularly ill-prepared for the security challenges of internet connectivity.”
Tens of billions of devices use microcontrollers and each poses a potential threat to security and privacy. We’ve already seen hacks affecting children’s toys, and adult toys as reported this week, and that number will only grow without a radical change in how the security of low-cost hardware is approached.
One such prototype was developed in partnership with MediaTek
Microsoft’s team for the project consists of three highly-skilled researchers – Senior Architect George Latey, Principal Researcher Ed Nightingale, and Partner Research Manager Galen Hunt. Their first technical report on the subject entitled ‘The Seven Properties of Highly Secure Devices’ has been published here.
The report's abstract reads:
“Our group has begun a research agenda to bring high-value security to low-cost devices. We are especially concerned with the tens of billions of devices powered by microcontrollers. This class of devices is particularly ill-prepared for the security challenges of internet connectivity. Insufficient investments in the security needs of these and other price-sensitive devices have left consumers and society critically exposed to device security and privacy failures.”
Included as part of the report are the seven required aspects the Sopris team highlighted as being vital to secure devices; along with details of microcontroller prototypes which exhibit the aforementioned properties. One such prototype was developed in partnership with MediaTek where the company’s existing WiFi-enabled MT7687 chipset was revised to demonstrate a highly-secure microcontroller.
The research community has been invited to put the Sopris security kit, the team’s latest experiment, through its paces as part of the Project Sopris Challenge. Available bounties are in the range of $2,500 to $15,000 for those who discover vulnerabilities with the kit.
What are your thoughts on Project Sopris and IoT security? Let us know in the comments.
Interested in hearing industry leaders discuss subjects like this and sharing their IoT use-cases? Attend the IoT Tech Expo World Series events with upcoming shows in Silicon Valley, London and Amsterdam to learn more.