With IoT devices becoming commonplace in many homes, so are the security issues that come with it.
A vulnerability has been found with MQTT protocol, which is used on servers to connect and control Smart devices. MQTT is secure, but security problems may arise if the server is set up incorrectly, leaving appliances, doors, windows etc open to attack.
The servers used for IoT devices usually run on a PC or Raspberry Pi. They contain information about the status of devices in use in the home, as well as information about the user’s location.
Cyber Security firm, Avast, released a report into MQTT that shows how cybercriminals could gain access to smart homes via misconfigured servers. They found that over 49,000 MQTT servers were publicly visible on the internet due to a misconfigured MQTT protocol. It also included 32,000 servers that didn’t have password protection.
Cybercriminals could exploit this vulnerability and gain access to the device. They would then be able to see if windows or doors were open etc and track the user’s movements from the data. A lot of the devices running MQTT servers didn’t have any security at all, or usernames and passwords.
A very simple way to rectify this issue and safeguard your home is to set a secure username and password for the server and control any network traffic, including access to WiFi.