Smart fridges, smart TVs, light bulbs, learning thermostats, smart speaker voice assistants, and a plethora of other smart machines are slowly sneaking into our homes and it makes sense for services and solutions to be developed in order to access and control them all.

The normal way to connect and control all these devices do this is via a third party hub which acts as a server to link them all together and talk to each other. That hub would normally use the Message Queuing Telemetry Transport (MQTT) protocol which is seen as the messaging standard for smart devices.

But a recent post by Avast, the security experts, has exposed how easy it is to exploit MQTT.

An Easy Target for Hacking

Manually controlling a few smart devices is not a problem, but as they increase in number in our homes, they take more time to manage, and so a smart hub is necessary. However what Avast found was that over 49,000 MQTT servers were publicly visible on the internet as a result of a misconfiguration out of the box, including 32,000 servers with no password protection, putting them at risk of leaking data.

The advantage for the cyber criminal is that if a server is publicly available, they can connect to it from anywhere.

Avast highlighted 5 easy ways a hacker could gain access to control your smart devices and the data streamed from them.

Connecting and subscribing to wildcard topics on an unprotected MQTT server

Connecting to unprotected smart hub dashboards on a secure MQTT server

Reading files on a protected MQTT server with a protected dashboard

Creating a UI on an unprotected MQTT server

Tracking device location

Martin Hron, Security researcher at Avast, said “It is frighteningly easy to gain access and control of a person’s smart home, because there are still many poorly secured protocols dating back to bygone technology eras when security was not a top concern.

“Consumers need to be aware of the security concerns of connecting devices that control intimate parts of their home to services they don’t fully understand and the importance of properly configuring their devices.”

The Avast report also echoes similar findings where security for connected devices and the internet of things is mostly regarded as an afterthought, which is worrying given the rise in interest in smart home tech by consumers.

“IoT devices are slowly creeping their way into our homes—it is crucial to implement them correctly now, as we will only be adding more as time goes on.” added Hron.

Like this: Like Loading...