Netinfo Security ›› 2020, Vol. 20 ›› Issue (9): 37-41.doi: 10.3969/j.issn.1671-1122.2020.09.008

Previous Articles     Next Articles

A Large-scale Measurement Study of MQTT Security

XU Huikai1,2, LIU Yue1(), MA Zhenbang1, DUAN Haixin1,2   

  1. 1. QI-ANXIN Technology Group Inc., Beijing 100081,China
    2. Institute for Network Science and Cyberspace, Tsinghua University, Beijing 100081, China
  • Received:2020-07-16 Online:2020-09-10 Published:2020-10-15
  • Contact: Yue LIU E-mail:liuyue01@qianxin.com

Abstract:

Message Queue Telemetry Transmission Protocol (MQTT) is a lightweight protocol widely used in the Internet of Things. Through the measurement of the deployment of MQTT protocol nationwide, 27949 MQTTs are found exposed on the public network, more than 80% of the servers transmit data in plain text, and 57% of the MQTT servers do not perform client authentication at all. Even if some MQTT servers use TLS protocol which supports authentication and encryption, certificate deployment is vulnerable. Only 20.94% of the certificates can pass the verification process of trusted certificate. This paper analyzes the security threats of MQTT server, such as privacy theft, man-in the-middle attack, remote tampering of equipment, and puts forward the defense scheme and the next step work of MQTT server.

Key words: IoT, MQTT, man-in-the-middle attack

CLC Number: