Cloudflare’s New IoT Focused Security Solution

San Francisco based Cloudflare has had formed a significant presence in content delivery and internet security, especially considering the company is less than a decade old. To many industry observers, Cloudflare is a company that came at exactly the right time to capitalize on the growing number of cloud service and IoT operators.

Most recently, the company has announced their new Orbit security product, which will not only work with websites and other cloud services, but also with IoT devices.

IoT’s Impressive Growth is Not Slowing

Here are two critical stats that illustrate just how important the Internet of Things will be in 2017 and beyond.

  • Companies are expected to spend up to $5 Trillion on IoT devices and infrastructure between now and 2022. (BI Intelligence)
  • By 2022, there will be almost 23 billion IoT devices in use. This is up from roughly 7 billion that exist today. (BI Intelligence)

Security Continues to Be Critical

With such an explosion in growth, it’s no surprise that companies are taking security so seriously. With increasing numbers of devices connected to networks that are inherently vulnerable, industry innovators will need to continuously update their security solutions, just as we do on our corporate networks and desktop PCs today.

Cloudflare recently reported that they had seen an increase in DDoS and other attacks originating from compromised IoT devices. CCTV cameras were amongst the most exploited devices. Since discovering trends in attacks being sent from IoT devices, the company started working on a comprehensive IoT and cloud security solution. The result is Orbit. Orbit resides on the network layer in front of IoT devices.

Essentially, it’s between the internet and the things. The company worked closely with both vendors and innovators to ensure that their product was adaptable to the ever changing needs of IoT, which is a large part of the reason why Orbit sits on the edge of any protected network. It means that companies will be able to implement patches at an infrastructure level, and it won’t technically matter what kind of devices are on the other end.

Cloudflare has had its share of controversies in recent years, but their steps to help protect the Internet of Things could be a significant boost to their public image. Their scalable system has already received praise from companies like Qualcomm, Karamba Security, and Swift Sensors, and it will be interesting for any industry insider to see just how effective Cloudflare Orbit will be in the coming years.

DDoS Attacks Using IoT Devices

DDOS Attack. Information Concept. Red Arrow with “DDOS Attack” slogan on a grey background. 3D Render.

Is IoT Security Woefully Inadequate? Recent Events Indicate that It May Be So.

On October 21, a cybersecurity attack took place on connected devices. This attack on the Internet of things was unlike anything that has taken place in the past, and security experts fear that this historic attack is one that is only a small sample of things to come.

The attack primarily affected websites that utilized internet enabled platforms and delivered a Distributed Denial of Service (DDoS) attack. The IoT security attack took advantage of passwords that were set up by manufacturers, and had never been reset, allowing the cybercriminals a good number of systems that they could exploit.

What we’ve learned, is that there are people who are gaining a great deal of experience with impacting connected devices. So while it might seem small with a series of cameras, tomorrow it could be a power plant, or other series of devices that could result in a dangerous outcome. Companies need to be proactive and to secure their devices, and work on security updates on some of the backdoor items that criminals are finding. It is with better, more secure systems that the devices on the Internet of Things can be protected. As it stands right now, passwords and usernames can easily be stolen, and this can lead to a dangerous outcome. IoT security simply isn’t the best it can be.

In fact, doctors are even stepping in to voice their concerns about IoT security. When the latest series of attacks on the IoT came to light, Dick Cheney stated that his heart implants wireless access was disabled because of fear that someone would attack him. While the increased awareness of the threats is good, it shouldn’t dishearten those who want to break into the realm of the internet of things. All this means is that you need to take the time to explore how to make your networks more secure and work on security.

While a DDOS attack could potentially cripple a network, there are dozens of ways that you can prevent it from ever happening. That way, you can continue to utilize the system at hand, and never have to worry about a denial of service crippling your network in the process. After all, the IoT security is improving and IoT should improve your digital experience, not create a more stressful one.

Legislating the IoT

While he Internet of Things is a relatively new concept, it does have a few years now since the inception. It is beginning to take shape and to evolve more rapidly, changing the way that we live in dramatic ways.

What is Iot?

IoT or the internet of things, very simply put is a networked set of devices and items that may not traditionally be part of what you would consider computers. IoT is the use of the internet to control objects and services that impact people’s day to day life. These devices may include fitness devices, shoes, clothing, home appliances, automation, security and even medical devices.

These devices send and receive data and may be reviewed and analyzed to assist in our day to day living.

Of inordinate concern to data experts and security personnel is how great the impact may be on our privacy. In fact there is a lot of pressure by legislators to regulate the way in which the IoT is used and to create laws forcing companies to use specific types of security, to control the people who use that specific area of IoT and to cause companies to be held liable for problems with it.

That, sadly is a double edged sword. Much like the legislation of the internet opens the door for controlling many areas of the internet such as the free exchange of ideas and the development of open source materials and software, or the Net Neutrality opens the door and sets a precedent for the lawmakers of the US to legislate other areas of the internet, so too does legislating IoT set a dangerous precedent.

While it IS necessary to control and to provide for the security of devices such as insulin pumps and other medical devices, the concern is that if heavy legislation surrounds anything that may be linked to or connected to an IoT network, the delays and the slowing in development that may result could threaten the core of the IoT movement.

Whats your take on legislating Iot and where does security begin and is legislating it going to bring innovation to an end?

2015 in IoT Breaches-Security Counts

IoT, as we all know, is not without issues–though we have become reliant upon it in many ways. In 2015, there was some very viable and tangible proof that the IoT field is fraught with real peril and that we as IoT designers, developers and companies need to be paying more attention to security. Just how many different IoT companies and arenas were breached? The answer might surprise – not to mention terrify you.

Most of us read about the car that was taken over and driven into a ditch. The ramifications of that were clear to all of us, but some even more frightening things have taken place this year..

Did you know that a flight was taken over– and the man who took over the flight bragged that he had also manipulated the space station?

In the past year, the following IoT hacks have taken place.

Medical devices
–The FDA ordered that specific drug pumps be no longer used. The software was bad enough that hackers could change the dosage being delivered to people who were using them.So we have the possibility of murder by internet?? http://www.securityweek.com/fda-issues-alert-over-vulnerabl…

The DOE–According to a June 2015 Congressional Research Service (CRS) report, hackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014. “Records show 53 of the 159 successful intrusions were “root compromises ” “http://www.usatoday.com/…/cyber-attacks-doe-energy/71929786/

A Steel Mill –An entire steel mill was breached resulting in “massive destruction of equipment” http://www.wired.com/…/…/german-steel-mill-hack-destruction/

The US National Nuclear Security Administration–The people who are responsible for managing and securing the entire nation’s nuclear weapons stockpile, experienced 19 successful cyber attacks during the four-year period of 2010 – 2014

Firearms–TrackingPoint makes a smart rifle–what it does is to digitally “tag” a target, and then locks the trigger until the gun is perfectly positioned to hit it –and it can hit up to half a mile away but… now there has been a serious flaw found in the software so that a hacker could make a law enforcement hit the hostage rather than the intended target. http://money.cnn.com/2015/07/29/technology/hack-smart-rifle/

Offshore Oil Rigs –Hackers have also shut down an oil rig by tilting it sideways..They hit another rig so hard with malware it was not seaworthy for 19 days..

Government Buildings Department of Homeland Security recently disclosed that hackers had managed to penetrate a state government facility and a manufacturing plant in New Jersey–now all they did was change the temperature, but what COULD they have done.. really think about that.

Last.. but not least.. go ahead and buy that cool toaster and refrigerator….. a funny thing happened with hundreds of kitchens in the UK. All of them were hacked and the resultant hack wouldn’t allow them to make certain kinds of food in their toaster or store it in their fridge.http://www.cbronline.com/…/iot-security-breach-forces-kitch…

IOT is a time saver and offers us incredible convenience, but as we’re beginning to find out, there are some real ramifications to the use of IoT devices that we need to be aware of. More to the point, companies and industries who are offering these devices need to take full responsibility to assure the security of the devices they are offering. IoT security workers and developers are more important than ever before..

How Secure are Home IoT Devices?

home IoT devicesThe Internet of Things (IoT) is a phenomenon that is currently experiencing huge year on year growth. One of the fastest growing areas within the industry, is in the market of home IoT devices. These are devices designed to make life easier, such as connected garage door openers, smart switches, smoke alarms, and even IP surveillance cameras. There are almost 5 billion connected devices being used today, and according to Gartner Research, that number is expected to grow by 500% in the next 5 years.All of this shows a promising industry, but unfortunately the risks are never covered as much as the growth figures. IoT devices are often designed without a necessary focus on security or user privacy, and this is something that the industry needs to address.

Security Risks for IoT in the Consumer Space

Although IoT can be found in industries as diverse as medical and even manufacturing, it is the home markets that garner the headlines and consumer mindshare. People have come to expect that their security cannot always be maintained online. But the difference with IoT is that we’re not simply talking about passwords, emails, and social media accounts. Instead, we’re talking about access to the garage door, the front door, or even knowing whether or not somebody is home.

There are plenty of examples where common IoT devices have been found to be unsecure, or at least at risk of being compromised with relatively little effort.

The Fortify Security Software Unit at HP released case studies last year where they compared ten of the most popular devices used in home IoT. They found that seven out of ten devices had significant security issues. An average revealed 25 security risks in each individual product. The most prevalent problem was that IoT data was unencrypted as it was transferred through wireless networks. Worryingly, six of the devices didn’t even download firmware from encrypted sources. This leaves a possible risk where malicious firmware could be directed to home devices, providing external access for malicious parties.

HP isn’t the only company to have taken an interest in IoT security. Veracode recently published a report that was based on a similar survey of consumer devices. While the HP survey focused on devices like thermostats and lawn sprinklers, the Veracode study included critical devices, such as the Chamberlain MyQ Garage door opener, and the Wink Relay wall control unit. Veracode’s study looked more at risk than actual vulnerabilities, but the results were still significant.

The Wink Relay, if compromised, could allow external audio surveillance inside a user’s home. Information could be used for blackmail, to aid identity theft, or even for industrial espionage in relation to the resident’s employer. The Chamberlain garage door opener, if compromised, could mean that a third party could tell whether a garage door was open or not, allowing opportunities for easy, unauthorized entry.

Even if these devices connect to a relatively secure cloud platform, there’s always a risk that a home network could be compromised, and the fact is, few consumers are even aware of the dangers.

As we move forward, it is clear that security needs to be a top priority within IoT. Which means that stakeholders need to;

Understand the security risks involved with connecting home control devices to the cloud.
Provide necessary security on their platforms.
Educate consumers about security risks, and how they can protect themselves.
Focus on building a talent pool of network security professionals to complement their core IoT development teams.

IoT represents an exciting time in the evolution of consumer, corporate, service based, and industrial technologies. It is important that key developers and manufacturers don’t lose sight of security during times of rapid innovation. With the right talent, and the right approach, the industry can build highly secure infrastructure and devices. This will ensure trust and desirability remains high, with the potential to drive adoption and overall market growth.

The Internet of Things and the Right to Record

Right to RecordToday there are over 5 billion connected devices in the world that make up the Internet of Things (IoT). Research firms like IDC and Gartner predict that within five years’ time, this number will skyrocket to 25 billion. Although we often think of the ways these IoT devices can make our lives easier, make our homes smarter, improve manufacturing, and even revolutionize healthcare, there are some uses for IoT that aren’t as straightforward.

One of these, is how IoT has changed our ability to record the world around us, and immediately share what we capture. Combined with social media, this ‘right to record’ has brought into question when it is appropriate or not appropriate to record. More importantly, is it legal?

The Legalities of Recording in Public

Smartphones, tablets, and even connected eyewear are all part of IoT, and they’re all capable of recording pictures and video. The most obvious example to look at is the phenomenon of members of the public recording law enforcement officers, performing their duties.

  • There are a number of states that have an ‘all parties consent’ law, requiring that subjects be made aware of video, image, or audio capture that is taking place.
  • There is a clause, however. There should also be a reasonable expectation of privacy on behalf of the subjects. This means, with interpretation, that filming in public places, without consent, would be acceptable and legal.
  • Illinois and Massachusetts have ‘all parties consent’ laws, however they don’t allow for the provision regarding the expectation of privacy. In 2010, Tiawanda Moore was arrested for attempting to record law enforcement personnel with a cell phone. She was later acquitted of all charges (http://articles.chicagotribune.com/2011-08-25/news/ct-met-eavesdropping-trial-0825-20110825_1_eavesdropping-law-police-officers-law-enforcement).
  • It is not legal to record on private property, to make commercial gain from recorded material of another person’s likeness, or to use recordings to commit libel.

The Right to Record is a Two Way Street

Tech Republic, a leading trade publication for IT professionals, recently ran an opinion piece on how IoT and smart devices can cause controversy when it comes to the right to record. (http://www.techrepublic.com/article/the-right-to-record-is-not-a-question-of-technology-but-rather-power-and-policy/).

The article not only discussed the recording of law enforcement by private citizens, but also how it can be beneficial for law enforcement officers to constantly record their daily duties. Doing so would add a layer of transparency, and would serve to protect the interests of officers and their relevant governments, as well as the general public. This recording would be in addition to the already present police vehicle dash cams, and the surveillance cameras in most urban centers.

The questions then, are not as much about recordings been made in the first place, but rather about how they are used. Two key questions are;

  • Should law enforcement agencies have the right to publish footage or images of suspects before they have been convicted of crimes?
  • Should individuals have the right to publish police activity when footage or an image doesn’t portray an event or incident within its full context?

The Internet of Things is hugely dependent on constant information, easy accessibility to information, and the almost instant distribution of that information. IoT has changed the way that people expect services to work. Almost one third of those surveyed by the American Red Cross in 2012 would expect law enforcement or emergency assistance if they posted a request for help on a public social media website. Would those who are embracing social media be happy to post controversial images or videos of law enforcement agents in the line of duty? What if they were the ones being featured on a law enforcement social media account?

As more connected devices are able to easily record and share the world around us, lines will become blurred when it comes to rights. The ‘right to record’ could be considered a civil liberty under the right to free speech, so does the government share that same right? As IoT devices become more commonplace, and the internet of everything becomes a part of daily life, these questions will be answered, laws will be tested, and new precedents will be set.

20 million more IoT devices will be installed, carried, or worn by people at all levels of society, by 2020. Users and creators of IoT technologies will need to keep a close eye on ‘the right to record’, and how it impacts the industry and public perception of these devices in the years to come.