Open MQTT threat to IoT devices

Written by:
Lucie Sadler
Date Posted:
17 August 2018
Category:
Security

IoT devices at risk from data breach, as vulnerability found with Message Queuing Telemetry Transport (MQTT) protocol.

With IoT devices becoming commonplace in many homes, so are the security issues that come with it.

A vulnerability has been found with MQTT protocol, which is used on servers to connect and control Smart devices. MQTT is secure, but security problems may arise if the server is set up incorrectly, leaving appliances, doors, windows etc open to attack.

The servers used for IoT devices usually run on a PC or Raspberry Pi. They contain information about the status of devices in use in the home, as well as information about the user’s location.

Cyber Security firm, Avast, released a report into MQTT that shows how cybercriminals could gain access to smart homes via misconfigured servers. They found that over 49,000 MQTT servers were publicly visible on the internet due to a misconfigured MQTT protocol. It also included 32,000 servers that didn’t have password protection.

Cybercriminals could exploit this vulnerability and gain access to the device. They would then be able to see if windows or doors were open etc and track the user’s movements from the data.  A lot of the devices running MQTT servers didn’t have any security at all, or usernames and passwords.

A very simple way to rectify this issue and safeguard your home is to set a secure username and password for the server and control any network traffic, including access to WiFi.

Rating: 5.0/5. From 1 vote.
Please wait...

Learn how Medichecks were able to grow

Watch this short video to find out why Alistair Hall from Medichecks chose Hyve.

Learn how Medichecks were able to grow

Watch this short video to find out why Alistair Hall from Medichecks chose Hyve.

Case Studies


Hyve are 100% carbon neutral. We use carbon offsetting to balance out the release of carbon dioxide from our offices and infrastructure.