
MQTT Security

IoT Security
Author: Luĉjo
Student and your local Esperantist

I had a very interesting IoT security homework assignment where we had to look into various vulnerabilities in MQTT networks, and I just find it very interesting that MQTT sends passwords and usernames in plaintext (as seen in the Wireshark image below) and offers very little security against imitation attacks.

Wireshark screenshot showing the username and password of a sensor in plaintext

One would think that just encrypting one’s messages would be sufficient, but others can still listen in on the network and will find ways of tricking the system. One could use a key management service or TLS with digital signatures to have more security, but that also adds a lot of overhead. It is really challenging to protect low-power IoT devices from attackers.
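To make the plaintext-credentials point concrete, here is an added example (not part of the original post) that parses a CONNECT packet the way a dissector does and reports which credential fields travel unencrypted, without echoing the password itself. It assumes the MQTT 3.1/3.1.1 packet layout; the function names and the sample packet are constructed for illustration.

```python
def _remaining_length(buf, pos):
    """Decode MQTT's 1-4 byte variable-length 'remaining length'."""
    value = 0
    for i in range(4):
        if pos + i >= len(buf):
            raise ValueError("truncated fixed header")
        byte = buf[pos + i]
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos + i + 1
    raise ValueError("malformed remaining length")

def _field(buf, pos):
    """Read one field: 2-byte big-endian length, then that many bytes."""
    end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
    if pos + 2 > len(buf) or end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def audit_connect(packet: bytes) -> dict:
    """Report which credentials an MQTT 3.1/3.1.1 CONNECT exposes in cleartext."""
    if not packet or packet[0] >> 4 != 1:      # packet type 1 = CONNECT
        raise ValueError("not a CONNECT packet")
    length, pos = _remaining_length(packet, 1)
    body = packet[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    _proto, p = _field(body, 0)                # protocol name, e.g. b"MQTT"
    if p + 4 > len(body) or body[p] not in (3, 4):
        raise ValueError("unsupported or truncated variable header")
    flags = body[p + 1]
    client_id, p = _field(body, p + 4)         # skip level, flags, 2-byte keep-alive
    if flags & 0x04:                           # will topic and message come first
        _, p = _field(body, p)
        _, p = _field(body, p)
    user = pw = None
    if flags & 0x80:                           # username flag
        user, p = _field(body, p)
    if flags & 0x40:                           # password flag
        pw, p = _field(body, p)
    return {"client_id": client_id.decode("utf-8", "replace"),
            "username": None if user is None else user.decode("utf-8", "replace"),
            "password_exposed": pw is not None,
            "password_len": len(pw or b"")}

# Constructed sample: CONNECT from client "sensor-01", user "sensor", 7-byte password.
SAMPLE_CONNECT = (b"\x10\x26\x00\x04MQTT\x04\xc2\x00\x3c"
                  b"\x00\x09sensor-01\x00\x06sensor\x00\x07hunter2")
```

Running `audit_connect` over CONNECT payloads captured from your own broker's non-TLS listener shows which devices still need to be moved to a TLS connection.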
