Cloudflare wants to secure IoT connections to the internet

Cloudflare wants to secure IoT connections to the internet

The Cloudflare Orbit service allows IoT manufacturers to protect devices against attacks even when firmware patches are not yet ready

Many people are worried about putting smart internet-connected devices in their homes or offices because of flaws that could allow attackers into their private networks.

Web optimization and security firm Cloudflare is trying to alleviate those fears with a new service that could allow internet-of-things manufacturers to protect devices from attacks and deploy patches much quicker.

Cloudflare's content delivery network is used by millions of people and companies to increase the performance of their websites and to protect them from malicious traffic. The company's servers work as invisible proxies between websites and visitors, providing on-the-fly encryption and firewall protection.

That technology has now been adapted to protect IoT devices as part of a new service called Cloudflare Orbit, launched Thursday. The service is aimed at device manufacturers and promises to provide them with the ability to defend their customers' devices against attacks even if they haven't been patched yet.

Hundreds of thousands of security cameras, digital video recorders, and other internet-connected devices have been compromised and enslaved by hackers over the past year. This has given rise to powerful botnets capable of launching crippling distributed denial-of-service attacks.

A hacked device can also provide attackers with a foothold inside a local area network and can be used to attack other local devices that wouldn't otherwise be accessible from the internet.

The poor state of security in the IoT world is not only caused by bad development practices that lead to firmware vulnerabilities, but also by slow patch deployment and adoption.

One vendor can sell hundreds of products and models, many of which are likely to share considerable portions of code with each other. A vulnerability in the code of one product model can affect dozens more, so it can be months before the vendor develops, tests, and releases firmware updates for all of them.

And even then, unless the products have an automatic update mechanism, which is rare, a large number of devices will never be patched. That's because users simply don't treat their IoT devices like they treat their computers when it comes to security updates.

Cloudflare Orbit seeks to take user behavior out of this equation and provides a way for device makers to defend devices against attacks even if they run outdated firmware or if no firmware patch is available.

Before connecting to the internet, Orbit-enabled devices will first establish a secure connection to Cloudflare's network, in a similar way in which computers access the internet through a virtual private network (VPN) service.

Cloudflare already has detection and blocking mechanisms in place at its network edge for a wide variety of attacks. On top of that, IoT manufacturers who use Orbit will be able to add their custom firewall rules to create so-called "virtual patches" for specific exploits.

This will protect devices immediately and will give vendors more time to work on firmware updates with permanent fixes. Those updates can also be distributed through Orbit when they're ready to be deployed.

Many IoT devices need to connect to their manufacturer's back-end servers in order to be accessed by users via smartphone apps. These servers act as a bridge so that roaming users can access their devices from anywhere.

In order to be protected against man-in-the-middle attacks, the connections between end-user devices and the manufacturer's infrastructure need to be encrypted. The servers also need a way to authenticate and identify each individual device, so that attackers can't spoof them.

The problem is that implementing encryption and authentication correctly is not an easy thing to do, and it's not uncommon for security researchers to find vulnerabilities in these components when testing IoT devices.

This is another aspect where Cloudflare Orbit can help because it offers the ability to deploy TLS Client Authentication, a form of TLS (Transport Layer Security) encryption where both the client and server have identifying certificates and use them to authenticate each other before establishing an encrypted connection. By comparison, when browsers establish a secure HTTPS (HTTP over TLS) connection to a website, it's only the server's certificate that gets checked.

By offloading the encryption and authentication tasks to Cloudflare Orbit, IoT vendors can rely on well-tested implementations and will free their own server resources. In addition, Cloudflare's technology uses compression and performance optimizations that reduce bandwidth usage and can result in lower power consumption and better battery life for the end user device.

Cloudflare Orbit is not a service that IoT users can opt into themselves, but it is encouraging to see efforts that attempt to tackle big IoT security problems like vulnerability response and patch distribution on a larger scale.

If adopted by IoT vendors, services like Orbit have the potential to improve the security of end-user devices, whether they're security cameras inside homes, smart lightbulbs in office buildings, or remotely controlled thermostats in industrial facilities.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Why experience is the new battleground for partners

Join us for an exclusive webinar, in association with Hewlett Packard Enterprise and Technology Services Industry Association (TSIA) and learn about the latest industry insights and how technology services continue to evolve to deliver differentiated value, and how partners can be successful in 2021 and beyond.



The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards

The leading female front runners of the New Zealand ICT industry joined together for the annual Reseller News Women in ICT Awards event at the Hilton in Auckland, during which hundreds of guests celebrated 13 outstanding individuals who won awards, chosen from more than 50 finalists representing over 30 organisations.

Leading female front runners honoured at the 2020 Reseller News Women in ICT Awards
Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners

More than 500 channel leaders gathered in Auckland on 21 October at the ​Reseller News Innovation Awards ​2020 to celebrate the achievements of the New Zealand technology industry's top partners, start-ups, vendors, distributors and individuals.

Channel gathers to celebrate the Reseller News Innovation Awards 2020 winners
Show Comments