Cloudflare wants to secure IoT connections to the internet

The Cloudflare Orbit service allows IoT manufacturers to protect devices against attacks even when firmware patches are not yet ready

Many people are worried about putting smart internet-connected devices in their homes or offices because of flaws that could allow attackers into their private networks.

Web optimization and security firm Cloudflare is trying to alleviate those fears with a new service that could allow internet-of-things manufacturers to protect devices from attacks and deploy patches much quicker.

Cloudflare's content delivery network is used by millions of people and companies to increase the performance of their websites and to protect them from malicious traffic. The company's servers work as invisible proxies between websites and visitors, providing on-the-fly encryption and firewall protection.

That technology has now been adapted to protect IoT devices as part of a new service called Cloudflare Orbit, launched Thursday. The service is aimed at device manufacturers and promises to provide them with the ability to defend their customers' devices against attacks even if they haven't been patched yet.

Hundreds of thousands of security cameras, digital video recorders, and other internet-connected devices have been compromised and enslaved by hackers over the past year. This has given rise to powerful botnets capable of launching crippling distributed denial-of-service attacks.

A hacked device can also provide attackers with a foothold inside a local area network and can be used to attack other local devices that wouldn't otherwise be accessible from the internet.

The poor state of security in the IoT world is not only caused by bad development practices that lead to firmware vulnerabilities, but also by slow patch deployment and adoption.

One vendor can sell hundreds of products and models, many of which are likely to share considerable portions of code with each other. A vulnerability in the code of one product model can affect dozens more, so it can be months before the vendor develops, tests, and releases firmware updates for all of them.

And even then, unless the products have an automatic update mechanism, which is rare, a large number of devices will never be patched. That's because users simply don't treat their IoT devices like they treat their computers when it comes to security updates.

Cloudflare Orbit seeks to take user behavior out of this equation and provides a way for device makers to defend devices against attacks even if they run outdated firmware or if no firmware patch is available.

Before connecting to the internet, Orbit-enabled devices will first establish a secure connection to Cloudflare's network, in a similar way in which computers access the internet through a virtual private network (VPN) service.

Cloudflare already has detection and blocking mechanisms in place at its network edge for a wide variety of attacks. On top of that, IoT manufacturers who use Orbit will be able to add their custom firewall rules to create so-called "virtual patches" for specific exploits.

This will protect devices immediately and will give vendors more time to work on firmware updates with permanent fixes. Those updates can also be distributed through Orbit when they're ready to be deployed.

Many IoT devices need to connect to their manufacturer's back-end servers in order to be accessed by users via smartphone apps. These servers act as a bridge so that roaming users can access their devices from anywhere.

In order to be protected against man-in-the-middle attacks, the connections between end-user devices and the manufacturer's infrastructure need to be encrypted. The servers also need a way to authenticate and identify each individual device, so that attackers can't spoof them.

The problem is that implementing encryption and authentication correctly is not an easy thing to do, and it's not uncommon for security researchers to find vulnerabilities in these components when testing IoT devices.

This is another aspect where Cloudflare Orbit can help because it offers the ability to deploy TLS Client Authentication, a form of TLS (Transport Layer Security) encryption where both the client and server have identifying certificates and use them to authenticate each other before establishing an encrypted connection. By comparison, when browsers establish a secure HTTPS (HTTP over TLS) connection to a website, it's only the server's certificate that gets checked.

By offloading the encryption and authentication tasks to Cloudflare Orbit, IoT vendors can rely on well-tested implementations and will free their own server resources. In addition, Cloudflare's technology uses compression and performance optimizations that reduce bandwidth usage and can result in lower power consumption and better battery life for the end user device.

Cloudflare Orbit is not a service that IoT users can opt into themselves, but it is encouraging to see efforts that attempt to tackle big IoT security problems like vulnerability response and patch distribution on a larger scale.

If adopted by IoT vendors, services like Orbit have the potential to improve the security of end-user devices, whether they're security cameras inside homes, smart lightbulbs in office buildings, or remotely controlled thermostats in industrial facilities.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Bitdefender 2019

This Holiday Season, protect yourself and your loved ones with the best. Buy now for Holiday Savings!

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill


I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?