Taking Over the World Through MQTT - Aftermath

Presented at Black Hat USA 2017, July 27, 2017, 2:30 p.m. (50 minutes)

During a test, we found an open port on a server. After some digging, we realised this port was used by a protocol we had never heard of before, namely MQTT. Therefore, we decided to dig a little deeper to see what this protocol had to offer.

Approximately thirty minutes later, we were looking at coordinates for airplanes. An hour later, the list had grown to include prisons with door control, cars, electrical meters, medical equipment, mobile phones, the status of home alarm and home automation systems, and a whole lot of other devices. Not only could we see the data sent and received by these devices; we could actually control them. We could send messages and commands, we could issue firmware updates to devices, and we could even open prison doors!

MQTT is used by a lot of M2M IoT devices, especially devices that require low-bandwidth communication. There is very little previous research on this protocol and the devices that use it; all we found was a very basic fuzzer and a few posts about security. The protocol is widely used by devices with low or intermittent internet access.

We have created our own small tool for testing endpoints, and we have found that protocol data is often written into SQL databases, so we will also look at SQL and server attacks through this protocol. That was then, over a year ago. How does it look today? Is it getting worse? What new 'fun' devices have we found since then, and what was the world's response to our findings?
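The SQL exposure mentioned above comes from subscribers that copy broker-supplied topics and payloads straight into query text. The following is an added example, not the presenters' tool or any code from the talk: it assumes a constructed `Message` stand-in with the same `.topic`/`.payload` shape as a paho-mqtt message object and an in-memory SQLite table, and it contrasts a naive sink with a hardened one (topic allow-list, size cap, parameterised insert). The naive sink is there only to show how an unparameterised insert breaks on ordinary data, which is the symptom a defender should look for in such a pipeline.

```python
import sqlite3
from dataclasses import dataclass


# Constructed stand-in for the message object an MQTT client hands to its
# on_message callback (assumption: no live broker is needed to run this).
@dataclass
class Message:
    topic: str
    payload: bytes


def open_db():
    # Fresh in-memory table so the example runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE telemetry (topic TEXT, payload TEXT)")
    return conn


def store_naive(conn, msg):
    # Interpolates broker-supplied data directly into SQL text. A payload with
    # a quote in it already breaks the statement, and the same path lets a
    # publisher shape the query; this is the pattern to find and remove.
    text = msg.payload.decode("utf-8", errors="replace")
    conn.execute(
        f"INSERT INTO telemetry (topic, payload) VALUES ('{msg.topic}', '{text}')"
    )


def store_safe(conn, msg, allowed_prefixes=("sensors/",)):
    # Hardened sink: only expected topics, no wildcard characters (a PUBLISH
    # topic must never contain them), bounded size, parameterised insert.
    if not msg.topic.startswith(allowed_prefixes):
        return False
    if "+" in msg.topic or "#" in msg.topic or len(msg.payload) > 1024:
        return False
    text = msg.payload.decode("utf-8", errors="replace")
    conn.execute(
        "INSERT INTO telemetry (topic, payload) VALUES (?, ?)", (msg.topic, text)
    )
    conn.commit()
    return True


def stored_payloads(conn):
    return [row[0] for row in conn.execute("SELECT payload FROM telemetry ORDER BY rowid")]


def naive_breaks_on(msg):
    # True if the naive sink cannot even process this message intact.
    try:
        store_naive(open_db(), msg)
    except sqlite3.OperationalError:
        return True
    return False
```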


Presenters:

  • Lucas Lundgren - Managing Security Consultant, IOActive
    Lucas Lundgren started breaking things at the age of twelve and has reported numerous vulnerabilities since then. A penetration tester for nearly 15 years, Lucas has worked with global security leaders including Sony Ericsson and IOActive. Lucas primarily focuses on penetration testing, fuzzing, and exploit development (any platform, any medium). He has a passion for IoT and Smart Technology.