Cyber-resilience
Published in Stavros Shiaeles, Nicholas Kolokotronis, Internet of Things, Threats, Landscape, and Countermeasures, 2021
E. Bellini, G. Sargsyan, D. Kavallieros
In the case of IoT, security problems arise from embedded devices and other legacy hardware whose flawed design (such as the use of hardcoded administrative passwords) or poor configuration allows cyber-criminals to easily compromise them in order to form powerful botnets and launch DDoS attacks. Most importantly, there is often no efficient way to patch those devices. Many such IoT devices can be located by using new search engines, for example, SHODAN (www.shodan.io), and this offers cyber-criminals the opportunity to exploit existing vulnerabilities on a large scale. Compromised IoT devices may exhibit arbitrary behavior, and hence communication from any such device should be quarantined, or even rejected, by other systems taking over this responsibility. This will affect the performance of the service provided.
MQTT Vulnerabilities, Attack Vectors and Solutions in the Internet of Things (IoT)
Published in IETE Journal of Research, 2023
Ahmed J. Hintaw, Selvakumar Manickam, Mohammed Faiz Aboalmaaly, Shankar Karuppayah
The current MQTT implementation verifies only simple security objects such as identity, authentication, and authorization policies [75]. Identity in MQTT states that the IoT node has the rights to access. Authentication gives the node identity and confirms whether a node has rights to access. The client can set these policies by utilizing the username/password for specifying the identity, or through the SSL protocol, which validates the client certificate in the MQTT server. The IP address, as well as the digital certificate of the MQTT broker/server, is used to identify the MQTT broker/server. Encrypted communication is not given by the MQTT protocol itself. MQTT brokers provide the authorization security objects that restrict the connection only to authorized clients, and rules control whether the node may publish or subscribe to the authorized topics. MQTT has various authentication and data encryption protection mechanisms [29] that are not supported and/or configured by default. However, the security of the MQTT protocol is based on a non-encryption authentication mechanism [24,86]. Sensitive data can be extracted from data in transit by attackers through traffic analysis. Information such as the public IP address of the MQTT broker, the port number, and the payload data of the nodes are mostly targeted by sniffing attacks. The list of threats that could target MQTT due to its security gaps is detailed below [29].

Data Privacy: MQTT has no embedded mechanism for data encryption by default. Whether or not an authentication method is used by the broker, when data is transmitted between the broker and an MQTT node the data can still be sniffed by the intruder.

Authentication: The traffic can be sniffed by the intruder via the publisher's "Connect" packet if the intruder and the publisher are on the same network. The username and password which will be utilized to make the connection with the broker are present in such a packet. In addition, the "Keep Alive" packet can be tracked by the intruder. The MQTT header is attached to this packet during the authentication process and indicates how long the MQTT broker connection will remain with the IoT node. Consequently, the connection will be restarted after the time expires and the "Connect" packet is resent.

Data integrity: Data could be altered by intruders while being transmitted between publisher and subscriber. After ARP poisoning is successfully performed, the packets could be altered by the intruders using a compiled filter to make the network connection pass via the intruders' node.

Botnet Over MQTT: In this scenario, the Shodan search engine is utilized by the intruder to search for a device which is to act as a broker. Next, a free broker server is used by the intruder to redirect the victim's node to it. In this case, an "unsecured" broker is utilized by the intruder as an intermediary to build an IoT botnet.
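The authentication threat described above rests on the layout of the MQTT 3.1.1 CONNECT packet: the username, password and keep-alive interval are plain length-prefixed fields in the variable header and payload, so anyone who can read a non-TLS capture can read them. The following decoder is an added example written for this page, not code from the paper or from any MQTT project. The packet bytes are constructed for the example, and `assess_connect` is a hypothetical monitoring check that uses the standard plaintext port (1883) and TLS port (8883) assignments.

```python
"""
Added example (not from the paper): decode an MQTT 3.1.1 CONNECT packet and
flag what a network monitor would report when it sees one on a plaintext port.
"""
import struct


def _read_remaining_length(buf: bytes, pos: int):
    """MQTT variable-length integer: 1-4 bytes, 7 data bits each, MSB = continuation."""
    multiplier, value = 1, 0
    for _ in range(4):
        if pos >= len(buf):
            raise ValueError("truncated remaining length")
        byte = buf[pos]
        pos += 1
        value += (byte & 0x7F) * multiplier
        if not byte & 0x80:
            return value, pos
        multiplier *= 128
    raise ValueError("malformed remaining length")


def _read_string(buf: bytes, pos: int):
    """Read a 2-byte big-endian length prefix followed by that many bytes."""
    if pos + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (length,) = struct.unpack_from("!H", buf, pos)
    pos += 2
    if pos + length > len(buf):
        raise ValueError("truncated string")
    return buf[pos:pos + length].decode("utf-8"), pos + length


def parse_connect(packet: bytes) -> dict:
    """Decode a CONNECT packet (control type 1); raise ValueError on anything else."""
    if not packet or (packet[0] >> 4) != 1:
        raise ValueError("not a CONNECT packet")
    remaining, pos = _read_remaining_length(packet, 1)
    end = pos + remaining
    if end > len(packet):
        raise ValueError("remaining length exceeds packet")
    proto_name, pos = _read_string(packet, pos)
    if proto_name != "MQTT" or packet[pos] != 4:  # 3.1.1 is name "MQTT", level 4
        raise ValueError("unsupported protocol name/level")
    pos += 1
    flags = packet[pos]
    pos += 1
    (keep_alive,) = struct.unpack_from("!H", packet, pos)  # seconds; 0 disables keep-alive
    pos += 2
    info = {
        "keep_alive_s": keep_alive,
        "clean_session": bool(flags & 0x02),
        "has_username": bool(flags & 0x80),
        "has_password": bool(flags & 0x40),
        "username": None,
        "password": None,
    }
    info["client_id"], pos = _read_string(packet, pos)
    if flags & 0x04:  # will flag set: will topic and will message follow
        info["will_topic"], pos = _read_string(packet, pos)
        info["will_message"], pos = _read_string(packet, pos)
    if flags & 0x80:
        info["username"], pos = _read_string(packet, pos)
    if flags & 0x40:
        info["password"], pos = _read_string(packet, pos)
    if pos != end:
        raise ValueError("trailing bytes in CONNECT payload")
    return info


def assess_connect(packet: bytes, dst_port: int) -> list:
    """Hypothetical monitor check: findings for a CONNECT seen on the given TCP port."""
    info = parse_connect(packet)
    findings = []
    if dst_port == 1883 and (info["has_username"] or info["has_password"]):
        findings.append("cleartext MQTT credentials on port 1883; require TLS (8883)")
    if info["keep_alive_s"] == 0:
        findings.append("keep-alive disabled; idle sessions are never timed out by the broker")
    return findings


# Constructed sample: a client authenticating with username/password, keep-alive 60 s.
SAMPLE_CONNECT = (
    b"\x10\x23"            # fixed header: type 1 (CONNECT), remaining length 35
    b"\x00\x04MQTT"        # protocol name
    b"\x04"                # protocol level 4 (MQTT 3.1.1)
    b"\xc2"                # connect flags: username, password, clean session
    b"\x00\x3c"            # keep alive: 60 seconds
    b"\x00\x09sensor-01"   # client identifier
    b"\x00\x05admin"       # username, readable in the clear
    b"\x00\x05admin"       # password, readable in the clear
)

if __name__ == "__main__":
    print(parse_connect(SAMPLE_CONNECT))
    print(assess_connect(SAMPLE_CONNECT, 1883))
```

Feeding the TCP payload of a captured CONNECT into `parse_connect` returns the same fields an eavesdropper sees, which is the practical reason to terminate MQTT over TLS on 8883 and to treat any CONNECT with the username or password flag set on 1883 as a finding. The same `keep_alive_s` value tells a defender how often a client will re-send its credentials if it is left on the plaintext port.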