It’s common knowledge that Internet of Things (IoT) devices are being hacked on a large scale and cyber criminals are turning them into a botnet that would then be used to launch DDoS attacks; finally a security solution may have arrived, and it is called Cloudflare Orbit.
Most of the hacked IoT devices were hacked because of the flawed systems or weak default credentials all the while manufacturers claim that they’re issuing patches for these vulnerabilities on a regular basis. The problem seems to lie at the user’s end since most people whose devices were hacked don’t care for updating them and making sure that their security is at its best.
On the other hand, in the industrial control, where this kind of devices are used in life-crucial functions, it shows that applying the updates wasn’t that easy, since they’d have to be scheduled, and this is only applied to cases where the devices can be patched at all, which is not always the case.
The model where the user is responsible for getting and installing a patch is seen as a relic of a PC age, and it would appear that PC security doesn’t work for IoT. The problem is that the users don’t seem to feel the same need to update their devices regularly, and since the perfect system cannot be written on the first go, this is something that must change.
The solution needed to be found; one that doesn’t involve something like recalling the flawed devices for which a similar method was used on the one that involved fixing the ShellShock vulnerability. This was now achieved by Orbit, which provides a shield around the device, and it protects it from exploits. It’s a filter that can regularly be updated, without the need for the user to do a thing.
Around 120 million devices are already under the networks protection, which makes them a lot safer. Basically, the IoT companies don’t have to patch up each flawed device, but instead, they update the filter around the device, which is the Orbit network. The updates are applied immediately, and all of the devices are instantly protected from every new threat.
The common problem was also how to tell real clients apart from bots that are pretending to be clients. This was worked out as well, through the new TLS Client Authentication. This concept is very useful but still needs to be further developed and worked on. Even though it can authenticate the real customers, it can still be overflooded, and this poses a problem.
When it comes to the overall impression that Orbit has left on people, it’s extremely good, and it’s being accepted by everyone, including the CEO of Swift Sensors – Sam Cece, Ceo of Karamba Security – Ami Dotan, VP and global head of Qualcomm Ventures – Quinn Li, and professor of computer science at Princeton University and CTO of Timescale – Michael Freedman.
They all agree that we’re at the beginning of a new era, that will see more and more IoT devices used in everyday lives, and that layers of security like this that already compliments the existing security can never be a wrong thing