The Internet of Things security crisis persists, as billions of inadequately secured webcams, refrigerators, and more flood homes around the world. But IoT security researchers at Microsoft Research have their eye on an even larger problem: the billions of gadgets that already run on simple microcontrollers—small, low-power computers on a single chip—that will gradually gain connectivity over the years, exponentially expanding the internet of things population. And that connected electric toothbrush needs protection, too.
The challenge with internet of things security so far has been the cost of implementing hardened features. It's cheaper and faster to develop a product without spending time and resources on security. Devices rush off the line without adequate protections, often riddled with bugs, and rarely have a mechanism for manufacturers to distribute patches. An attacker who penetrates those IoT devices can potentially steal data, rope the unit into a botnet, or even use it as a jumping off point to infiltrate other parts of a network.
At least for those full-featured IoT devices, fixes exist, even if they're rarely or poorly implemented. Smaller peripheral devices that run on microcontrollers, though, don't have the compute power to spare on security steps like encrypting data, or scanning for anomalous behavior. So Microsoft Research has poured its IoT efforts into Project Sopris, placing the IoT security focus to microcontrollers, while keeping costs down.