
Misconfigured MQTT Protocol Puts Thousands of Smart Homes at Risk

To no one's surprise, there is a relatively easy way for hackers to breach thousands of smart homes. Avast researchers recently warned about the MQTT protocol (Message Queuing Telemetry Transport) which, if misconfigured, could give hackers complete access to a smart home. As a result of this security gap, the home could be manipulated in various ways, including its entertainment and voice systems, various household appliances, and smart doors.




What Is the MQTT Protocol?

Interconnecting and controlling smart home devices is possible using the Message Queuing Telemetry Transport (MQTT) protocol, Avast explains, adding that while the MQTT protocol itself is secure, severe security issues may show up if it is implemented and configured incorrectly. To prove that, the researchers “took a closer look and using the Shodan IoT search engine found more than 49,000 MQTT servers publicly visible on the internet due to a misconfigured MQTT protocol”.

Why is exploiting a misconfigured MQTT protocol so dangerous? Suffice it to say, because:

The protocol is meant as a subscriber/publisher model. It works like an RSS feed: you subscribe to a topic, and once someone publishes something on the topic, the payload is delivered to all subscribers.

What is mostly alarming is that this protocol is included in most smart home hub software solutions, such as Home Assistant. It is easy for users to either install a package with included MQTT or install the protocol separately when setting up the smart home hub.

It should also be mentioned that most smart home hubs typically subscribe and publish MQTT messages and provide logic. They also provide some kind of dashboard, either locally or remotely, where you can control the whole ‘smart’ home, the researchers added.


On top of that, both MQTT and Mosquitto, the most common server software that applies the protocol, have “broad security capabilities,” which are nullified if they are poorly configured:

As mentioned earlier, there isn’t a security issue with the MQTT protocol nor the most common server software that implements this protocol (or broker as it is known in the case of MQTT), which is called Mosquitto. In fact, both MQTT and Mosquitto have broad security capabilities — for example, to provide fine-grained access control by user and topic. As with many things, the problems are created in the implementation and configuration.

The researchers found a total of 49,197 misconfigured MQTT servers via Shodan, of which 8,257 are in the U.S. Furthermore, of the 32,888 MQTT servers with no password protection implemented, 4,733 are in the U.S., with only China having more misconfigured and unprotected MQTT servers than the U.S.

As users set up these systems to remotely control their smart home, they often expose not only the “dashboard” or control panel of the system, but also the MQTT server, as these two components usually run on the same machine or server. When this happens, it can leave users exposed, the researchers concluded.
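
The following Python check is an added example, not code from Avast or from this article. It audits a Mosquitto configuration for the misconfigurations described above: anonymous access, no password file, no per-topic ACL, and a listener bound to every interface. The two sample configurations, the LAN address and the file paths are constructed, and the check assumes global settings only.

```python
# Added example, not from the article: static audit of a Mosquitto config.
# Assumption: settings are global (per_listener_settings is not handled).

# Constructed sample: broker on every interface, anonymous clients allowed.
SAMPLE_WEAK = """
# smart home hub broker
listener 1883 0.0.0.0
allow_anonymous true
"""

# Constructed hardened counterpart; address and file paths are placeholders.
SAMPLE_HARDENED = """
listener 1883 192.168.1.10
allow_anonymous false
password_file /etc/mosquitto/passwd
acl_file /etc/mosquitto/acl
"""

ALL_INTERFACES = {"0.0.0.0", "::"}


def parse(conf_text):
    """Return (option, [args]) pairs, skipping blank lines and # comments."""
    entries = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split()
            entries.append((parts[0], parts[1:]))
    return entries


def audit(conf_text):
    """Return a sorted list of finding codes for one configuration."""
    entries = parse(conf_text)
    opts = dict(entries)
    findings = set()
    # The allow_anonymous default differs between Mosquitto versions, so only
    # an explicit "true" is reported; a missing password_file is separate.
    if opts.get("allow_anonymous", ["false"])[0].lower() == "true":
        findings.add("anonymous-access-enabled")
    if "password_file" not in opts:
        findings.add("no-password-file")
    if "acl_file" not in opts:  # no access control by user and topic
        findings.add("no-topic-acl")
    for name, args in entries:
        # "listener <port>" without a bind address listens on all interfaces.
        if name == "listener" and (len(args) < 2 or args[1] in ALL_INTERFACES):
            findings.add(f"listener-{args[0]}-on-all-interfaces")
    return sorted(findings)
```

Running `audit()` on a hub's own `mosquitto.conf` before exposing the dashboard shows whether the broker on the same machine would be reachable without credentials.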

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
