"Connect all the things!" is, for some time now, the main theme when talking about IoT devices, solutions and products. Our eagerness to find new, at times - innovative, ways to make anything to rhyme along the anthem of the internet is a great promise for malicious activity.
As those devices supposed to be lightweight they mostly rely on a small fingerprint stack of protocols - one of those protocols is the message protocol - MQTT.
We will go deep into protocol details, observe how common is to find such devices (and how), and several novel ways to abuse any one of tens of thousands easily spotted publicly facing MQTT brokers on the internet for "fun and profit".
During the presentation we will learn about - WHAT is using MQTT (common and extreme examples) - How SPREAD OUT it is? I’ll be sharing statistical information on different MQTT brokers and version fragmentation collected during research - An OVERVIEW of o its infrastructure and protocol bit & bytes (no prior knowledge required, your head won’t be blown). o General purpose TOOLS – libraries, open source software and apps - RECON – exploring device’s settings, gathering intel, spotting vulnerable devices (+ dropping tools) - Identifying clients - EXPLOITING bad configurations for fun and profit (+ in-the-wild examples): o Spy on subscribers via MQTT o Running remote code on connected devices. o Hijack unsuspected servers and utilize them for evil (e.g. botnet communication). o Misconfigured broker spits machine’s credentials. - DEMOs - Notes on securing your own MQTT-wielding IoT device. - All tools and scripts that were used will be shared right after the talk
