- This topic has 0 replies, 1 voice, and was last updated 5 years, 11 months ago by .
Viewing 0 reply threads
Viewing 0 reply threads
- You must be logged in to reply to this topic.
› Forums › Startups › News (Startup) › Major vulnerabilities found in CoAP & MQTT IoT protocols:
Tagged: Security_S12
#News(Security) [ via IoTForIndiaGroup ]
Security researchers have unearthed problems in a couple of machine-to-machine (M2M) protocols that could lead to hackers carrying out industrial espionage, denial-of-service and targeted attacks.
According to research carried out by Trend Micro, both the Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) have design issues and insecure deployment problems.
It said that more than 200 million MQTT messages and 19 million CoAP messages have been leaked by exposed brokers and servers, which attackers are able to locate online with simple keyword searches, and abuse for industrial espionage, denial-of-service and targeted attacks.
According to a report published by the IT security firm, titled “The Fragility of Industrial IoT’s Data Backbone“, 4,627,973 records containing private IP addresses have been leaked in four months – 219 of these had the password set to 12345.
The report also found that leaked messages from messaging apps such as Facebook messenger are prevalent. One specific instance from Bizbox Alpha mobile leaked 55,475 messages in over four months, of which about 18,000 were email messages.
“One of the brokers used by the app was misconfigured for a while, and leaked 55,475 messages in over four months, of which about 18,000 were email messages,” the report said.
Also at risk are smart farms, 4,310 agriculture-related records were leaked, including field data with precise location information and smart agriculture platforms. Data about the location of ambulances, and data from patient monitors is available to search online, including their email addresses and location information.