New research has highlighted an old problem: The Internet of Things isn’t exactly secure. Hardly news, you might say, but the researchers from Trend Micro discovered that two popular IoT protocols are insecure by design. So insecure, indeed, that they are putting both ‘Industry 4.0’ smart factory implementations and smart cities at risk. In fact, these are the design flaws that could quite literally turn the lights out.
The Fragility of Industrial IoT’s Data Backbone report found that both the Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) protocols are insecure by design and to make matters worse hundreds of thousands of both hosts are reachable via public-facing IPs. These machine-to-machine (M2M) communications form the core of Industrial IoT systems that are deployed within large-scale networks seen within smart factory and smart city projects. Paul Dignan, a senior systems engineer with F5 Networks, helped me to understand the more commonly used MQTT protocol better. « MQTT is a publish-subscribe messaging protocol that allows devices such as cameras, heat sensors and lP-enabled light bulbs to publish data to an intermediary module » he explained, continuing « by default, the data the protocol sends is un-encrypted when in transit, which ultimately means that applications can then subscribe to this intermediary module (also known as message brokers) and retrieve the published data. »
Source : Forbes