A very interesting article by Marco Ramilli

Marco Ramilli has published an interesting article, titled “Internet of Broken Things: Threats are changing, so are we?”, about possible threats on IoT devices based on MQTT protocol.

Whats is MQTT?

From Wikipedia:

MQTT (formerly MQ Telemetry Transport) is an ISO standard (ISO/IEC PRF 20922) publish-subscribe-based “lightweight” messaging protocol for use on top of the TCP/IP protocol. It is designed for connections with remote locations where a “small code footprint” is required or the network bandwidth is limited. The publish-subscribe messaging pattern requires a message broker. The broker is responsible for distributing messages to interested clients based on the topic of a message.

How MQTT works

From Marco Ramilli’s article:

The protocol relays on a central node called “Broker” who is organised in specific programmable topics. Publishers (things) are able to publish informations to specific topics (such as but not limited to: temperature, localization, humidity, etc. ) while subscribers (applications) are able to get data from an interested and explicit topic. The following image represents a general architectural view. It’s clear that a poorly implemented authentication mechanism will let the subscribers free to get the overall published data.

MQTT Architecture Flow The beauty of unauthenticated MQTT sessions is in the subscriber topic list. Indeed it is able to subscribe to every topic on the selected brokers by simply putting an # as topic even if it does not know the topics list.

After this brief introduction, the article continues with a series of experiments focused on the search of unauthenticated MQTT brokers.

So, I really recommend you read the rest of the article, at this address: