Cloudflare wants to secure IoT connections to the internet

The Cloudflare Orbit service allows IoT manufacturers to protect devices against attacks even when firmware patches are not yet ready

Many people are worried about putting smart internet-connected devices in their homes or offices because of flaws that could allow attackers into their private networks.

Web optimization and security firm Cloudflare is trying to alleviate those fears with a new service that could allow internet-of-things manufacturers to protect devices from attacks and deploy patches much quicker.

Cloudflare's content delivery network is used by millions of people and companies to increase the performance of their websites and to protect them from malicious traffic. The company's servers work as invisible proxies between websites and visitors, providing on-the-fly encryption and firewall protection.

That technology has now been adapted to protect IoT devices as part of a new service called Cloudflare Orbit, launched Thursday. The service is aimed at device manufacturers and promises to provide them with the ability to defend their customers' devices against attacks even if they haven't been patched yet.

Hundreds of thousands of security cameras, digital video recorders, and other internet-connected devices have been compromised and enslaved by hackers over the past year. This has given rise to powerful botnets capable of launching crippling distributed denial-of-service attacks.

A hacked device can also provide attackers with a foothold inside a local area network and can be used to attack other local devices that wouldn't otherwise be accessible from the internet.

The poor state of security in the IoT world is not only caused by bad development practices that lead to firmware vulnerabilities, but also by slow patch deployment and adoption.

One vendor can sell hundreds of products and models, many of which are likely to share considerable portions of code with each other. A vulnerability in the code of one product model can affect dozens more, so it can be months before the vendor develops, tests, and releases firmware updates for all of them.

And even then, unless the products have an automatic update mechanism, which is rare, a large number of devices will never be patched. That's because users simply don't treat their IoT devices like they treat their computers when it comes to security updates.

Cloudflare Orbit seeks to take user behavior out of this equation and provides a way for device makers to defend devices against attacks even if they run outdated firmware or if no firmware patch is available.

Before connecting to the internet, Orbit-enabled devices will first establish a secure connection to Cloudflare's network, in a similar way in which computers access the internet through a virtual private network (VPN) service.

Cloudflare already has detection and blocking mechanisms in place at its network edge for a wide variety of attacks. On top of that, IoT manufacturers who use Orbit will be able to add their custom firewall rules to create so-called "virtual patches" for specific exploits.

This will protect devices immediately and will give vendors more time to work on firmware updates with permanent fixes. Those updates can also be distributed through Orbit when they're ready to be deployed.

Many IoT devices need to connect to their manufacturer's back-end servers in order to be accessed by users via smartphone apps. These servers act as a bridge so that roaming users can access their devices from anywhere.

In order to be protected against man-in-the-middle attacks, the connections between end-user devices and the manufacturer's infrastructure need to be encrypted. The servers also need a way to authenticate and identify each individual device, so that attackers can't spoof them.

The problem is that implementing encryption and authentication correctly is not an easy thing to do, and it's not uncommon for security researchers to find vulnerabilities in these components when testing IoT devices.

This is another aspect where Cloudflare Orbit can help because it offers the ability to deploy TLS Client Authentication, a form of TLS (Transport Layer Security) encryption where both the client and server have identifying certificates and use them to authenticate each other before establishing an encrypted connection. By comparison, when browsers establish a secure HTTPS (HTTP over TLS) connection to a website, it's only the server's certificate that gets checked.

By offloading the encryption and authentication tasks to Cloudflare Orbit, IoT vendors can rely on well-tested implementations and will free their own server resources. In addition, Cloudflare's technology uses compression and performance optimizations that reduce bandwidth usage and can result in lower power consumption and better battery life for the end user device.

Cloudflare Orbit is not a service that IoT users can opt into themselves, but it is encouraging to see efforts that attempt to tackle big IoT security problems like vulnerability response and patch distribution on a larger scale.

If adopted by IoT vendors, services like Orbit have the potential to improve the security of end-user devices, whether they're security cameras inside homes, smart lightbulbs in office buildings, or remotely controlled thermostats in industrial facilities.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?