Attack scenarios and security analysis of MQT - Bhavya Vimavala

Information about Attack scenarios and security analysis of MQT - Bhavya Vimavala

Published on January 30, 2020




1. || Date - 26-1-2020 || || Venue - Ahmedabad || || Presenter - Bhavya Shah || Attack Scenarios And Security Analysis of MQTT

2. MQTT - Message Queuing Telemetry Transport MQTT is a machine-to-machine (M2M)/"Internet of Things" connectivity protocol. It was designed as an extremely lightweight publish/subscribe messaging transport. It is useful for connections with remote locations where a small code footprint is required and/or network bandwidth is limited.

3. MQTT History

4. 1st Version Was Authored In 1999 By Andy Stanford-Clark Arlen Nipper

5. Designed for connecting Oil Pipeline telemetry systems over satellite

6. MQTT Version History

7. Some Of The Key Features of MQTT ● Facilitates one-to-many communication mediated by brokers ● It has facility to acknowledge the request ● Simple packet formats: binary payloads ● The protocol runs over TCP

8. Major Areas Where MQTT Is Used

9. IOT Devices IIOT (Industrial IOT)

10. Fitness Devices : Fitbit Health Devices : Blood Pressure Glucometer Monitors

11. Location Services : Owntracks Home Automation Kits : SmartThings (Samsung)

12. Google IOT Core Cloud Provider

13. Publisher Subscriber Subscriber Subscribe to “temp/roof” Subscribe to “temp/room” Publish: “20 C” Topic: “temp/roof” Publish: “50 C” Publish: “50 C” Topic: “temp/room” Publish: “20 C”

14. Topic Hierarchy Temp Roof Floor 1 Floor 2 DrawingRoom Room Room Kitchen Subscribing to the specific topic: Temp/Floor1/Room Temp/Floor1/DrawingRoom Temp/Floor2/Room Subscribing to all Room for the Temp: Temp/+/Room Subscribing to all topic of Temp: Temp/# (wildcard entry)

15. Basic Commands To run brocker server : mosquitto Subscribe for the topic : mosquitto_sub -t "topicname" Publish for the topic : mosquitto_sub -t "topic" -m "message"

16. Transmission Of Data In Clear Text

17. MQTT Over Internet

18. MQTT Integration With Application

19. Demo Of Subscribing To The Topic By Changing Or Creating New credentials

20. Backdoor Over The MQTT

Related presentations

Other presentations created by NSCONCLAVE