Don't Let The Cuteness Fool You - Exploiting IoT's MQTT Protocol

Presented at DeepSec 2017 „Science First!“, Unknown date/time (Unknown duration)

"Connect all the things!" - for some time now, this is the main theme when talking about IoT devices, solutions and products. Our eagerness to find new, and at times innovative, ways to make anything suitable to the anthem of the internet is a great promise for malicious activity. As these devices are supposed to be lightweight they mostly rely on a small fingerprint stack of protocols - one of those protocols is the message protocol - MQTT. We will go deep into protocol details, observe how common it is to find such devices (and how), and several novel ways to abuse any one of tens of thousands easily spotted publicly facing MQTT brokers on the internet for "fun and profit".

Presenters:

  • dalmoz (Moshe Zioni) - VERINT
    Moshe (dalmoz) have been researching security since youth, professionally since he was 18, when was actually surprised to find a place for his enthusiasm and talent. Consultant to many industry leaders, banks, software vendors, insurance companies, health organizations, governments and telecommunication service providers, both domestic and international. Interested in all security aspects, keeping his aperture wide and viewing the whole picture, while he can talk the talk and walk the walk when it comes to bits & bytes. Moshe have published research on various topics and presented at many conferences - including CCC in Germany, Hack-in-Paris in France, 44CON in the UK and others.

Links:

Similar Presentations: