X
Business

Microsoft 'Project Sopris' takes aim at securing low-cost IoT devices

A new Microsoft Research team, Project Sopris, is looking to redesign microcontrollers in the name of making low-cost IoT devices more secure.
Written by Mary Jo Foley, Senior Contributing Editor

Microsoft researchers are working on a new project aimed at trying to secure low-cost Internet of Things (IoT) devices.

msprojectsopris.jpg

The Project Sopris team is "exploring the goal of security the vast number of low cost internet connected devices coming online," says the research page for the Sopris project, which was officially established March 31, 2017.

"As part of this research work, we have tested different approaches to device security from silicon to software and hypothesize that optimal device security must be rooted in hardware but kept up-to-date through evolving software," explain the researchers.

Among those working on Sopris are partner research manager Galen Hunt; principal researcher Ed Nightingale; and senior hardware architect George Letey. As unearthed by "The Walking Cat" (@h0x0d on Twitter), senior director of silicon and system architecture Rob Shearer also seems to be on the team.

Hunt has been a key member of a number of previous significant Microsoft OS research projects, including Singularity, Drawbridge, and Menlo.

The Sopris team has published its first technical report, titled "The Seven Properties of Highly Secure Devices."

That paper notes that the Sopris researchers are paying special attention to the "tens of billions of devices powered by microcontrollers," as they are not prepared for the security challenges posed by internet connectivity.

The Sopris team is working silicon partner MediaTek to revise one of their controllers -- the the Wi-Fi-enabled MT7687 -- to create a prototype of a highly secure microcontroller.

Microsoft is looking to have security researchers test the Sopris security kit via the Project Sopris Challenge. The application period for the challenge closes April 14. Microsoft is offering bounties from $2,500 to $15,000 for submissions of eligible security vulnerabilities found in its early research prototype.

Early findings indicate that "even the most price-sensitive devices should be redesigned to achieve the high levels of device security critical to society's safety," the researchers say.

Easily hacked IoT devices can turn a university's network against itself:

Editorial standards