The basic principle behind this new security system is to funnel all the data traffic from the device to its end user or master update servers via a Tor-Kind connection, instead of using the public Internet.

A software is run to turn on a Tor configuration, which, in a simplified explanation, sets up a special Onion site on the device. Remote users who want to access the IoT device will need to know the Onion link to the software first, which will then relay the connection to the actual IoT device, working as a proxy. The advantages of using such a system are palpable, for both users and IoT vendors, who might be interested in embedding such technology into their devices by default.

First off, there's no need to complicate software development with setting up complex SSL/TLS certificates for supporting HTTPS connections, since all Tor connections are encrypted by default, with several layers of encryption (Onion protocol).

Secondly, users don't need to uselessly open firewall ports or use VPNs to access their IoT devices. All connections will go through the Tor hidden network, and nobody will know to what you're connecting. It could be your IoT baby cam at home or a drug marketplace. It's anyone's guess.

Scanning Tor-protected IoT devices is technically impossible. This means no more searching for vulnerable IoT devices via Shodan and blindly stumbling upon vulnerable equipment.