Cloudflare wants to secure IoT connections to the internet

Many people are worried about putting smart internet-connected devices in their homes or offices because of flaws that could allow attackers into their private networks.

Web optimization and security firm Cloudflare is trying to alleviate those fears with a new service that could allow internet-of-things manufacturers to protect devices from attacks and deploy patches much quicker.

Cloudflare's content delivery network is used by millions of people and companies to increase the performance of their websites and to protect them from malicious traffic. The company's servers work as invisible proxies between websites and visitors, providing on-the-fly encryption and firewall protection.

That technology has now been adapted to protect IoT devices as part of a new service called Cloudflare Orbit, launched Thursday. The service is aimed at device manufacturers and promises to provide them with the ability to defend their customers' devices against attacks even if they haven't been patched yet.

Hundreds of thousands of security cameras, digital video recorders, and other internet-connected devices have been compromised and enslaved by hackers over the past year. This has given rise to powerful botnets capable of launching crippling distributed denial-of-service attacks.

A hacked device can also provide attackers with a foothold inside a local area network and can be used to attack other local devices that wouldn't otherwise be accessible from the internet.

The poor state of security in the IoT world is not only caused by bad development practices that lead to firmware vulnerabilities, but also by slow patch deployment and adoption.

One vendor can sell hundreds of products and models, many of which are likely to share considerable portions of code with each other. A vulnerability in the code of one product model can affect dozens more, so it can be months before the vendor develops, tests, and releases firmware updates for all of them.

And even then, unless the products have an automatic update mechanism, which is rare, a large number of devices will never be patched. That's because users simply don't treat their IoT devices like they treat their computers when it comes to security updates.

Cloudflare Orbit seeks to take user behavior out of this equation and provides a way for device makers to defend devices against attacks even if they run outdated firmware or if no firmware patch is available.

Before connecting to the internet, Orbit-enabled devices will first establish a secure connection to Cloudflare's network, in much the same way that computers access the internet through a virtual private network (VPN) service.

Cloudflare already has detection and blocking mechanisms in place at its network edge for a wide variety of attacks. On top of that, IoT manufacturers who use Orbit will be able to add their custom firewall rules to create so-called "virtual patches" for specific exploits.

This will protect devices immediately and will give vendors more time to work on firmware updates with permanent fixes. Those updates can also be distributed through Orbit when they're ready to be deployed.

Many IoT devices need to connect to their manufacturer's back-end servers in order to be accessed by users via smartphone apps. These servers act as a bridge so that roaming users can access their devices from anywhere.

In order to be protected against man-in-the-middle attacks, the connections between end-user devices and the manufacturer's infrastructure need to be encrypted. The servers also need a way to authenticate and identify each individual device, so that attackers can't spoof them.

The problem is that implementing encryption and authentication correctly is not an easy thing to do, and it's not uncommon for security researchers to find vulnerabilities in these components when testing IoT devices.

This is another aspect where Cloudflare Orbit can help because it offers the ability to deploy TLS Client Authentication, a form of TLS (Transport Layer Security) encryption where both the client and server have identifying certificates and use them to authenticate each other before establishing an encrypted connection. By comparison, when browsers establish a secure HTTPS (HTTP over TLS) connection to a website, it's only the server's certificate that gets checked.
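The difference between server-only and mutual authentication can be seen in a short, self-contained handshake. The following is an added example, not Cloudflare's code or configuration: it builds a constructed test PKI with the `openssl` command-line tool (assumed to be on the PATH) and uses hypothetical names (`api.vendor.example`, `device-0001`, `rogue`) to show a server accepting only devices whose certificate chains to the vendor's CA.

```python
import contextlib, pathlib, ssl, subprocess, tempfile

HOST = "api.vendor.example"  # hypothetical back-end hostname

def openssl(d, *args):
    subprocess.run(["openssl", *args], cwd=d, check=True, capture_output=True)

def make_pki(d):  # constructed test PKI: vendor CA, server and device certs, self-signed rogue
    (d / "san.ext").write_text(f"subjectAltName=DNS:{HOST}\n")
    for name in ("ca", "rogue"):
        openssl(d, "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                "-subj", f"/CN={name}", "-keyout", f"{name}.key", "-out", f"{name}.pem")
    for name in ("server", "device-0001"):
        openssl(d, "req", "-newkey", "rsa:2048", "-nodes", "-subj", f"/CN={name}",
                "-keyout", f"{name}.key", "-out", f"{name}.csr")
        openssl(d, "x509", "-req", "-in", f"{name}.csr", "-CA", "ca.pem", "-CAkey", "ca.key",
                "-CAcreateserial", "-days", "1", "-extfile", "san.ext", "-out", f"{name}.pem")

def device_identity(d, device=None):
    """Handshake in memory; return the device CN the server authenticated, else None."""
    srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    srv.load_cert_chain(d / "server.pem", d / "server.key")
    srv.load_verify_locations(d / "ca.pem")
    srv.verify_mode = ssl.CERT_REQUIRED  # server demands a client cert chaining to the vendor CA
    cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # checks server cert and hostname by default
    cli.load_verify_locations(d / "ca.pem")
    if device:
        cli.load_cert_chain(d / f"{device}.pem", d / f"{device}.key")
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    sides = [(cli.wrap_bio(c_in, c_out, server_hostname=HOST), s_in, c_out),
             (srv.wrap_bio(s_in, s_out, server_side=True), c_in, s_out)]
    done = [False, False]
    try:
        for _ in range(10):  # shuttle handshake records between the two in-memory endpoints
            for i, (side, peer_in, out) in enumerate(sides):
                if not done[i]:
                    with contextlib.suppress(ssl.SSLWantReadError):
                        side.do_handshake()
                        done[i] = True
                peer_in.write(out.read())
            if all(done):
                return dict(r[0] for r in sides[1][0].getpeercert()["subject"])["commonName"]
    except ssl.SSLError:
        return None  # certificate missing or not signed by the trusted CA

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        make_pki(pathlib.Path(tmp))
        return [device_identity(pathlib.Path(tmp), who) for who in ("device-0001", None, "rogue")]
```

`demo()` returns the authenticated identity for the enrolled device and `None` for a client that presents no certificate or a self-signed one.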

By offloading the encryption and authentication tasks to Cloudflare Orbit, IoT vendors can rely on well-tested implementations and free up their own server resources. In addition, Cloudflare's technology uses compression and performance optimizations that reduce bandwidth usage and can result in lower power consumption and better battery life for the end-user device.

Cloudflare Orbit is not a service that IoT users can opt into themselves, but it is encouraging to see efforts that attempt to tackle big IoT security problems like vulnerability response and patch distribution on a larger scale.

If adopted by IoT vendors, services like Orbit have the potential to improve the security of end-user devices, whether they're security cameras inside homes, smart lightbulbs in office buildings, or remotely controlled thermostats in industrial facilities.

IDG Insider

