Seyed Ali Ghazi Asgar, Narasimha Reddy (Texas A&M University)

The Internet of Things (IoT) is experiencing exponential growth, with projections estimating over 29 billion devices by 2027. These devices often have limited resources, necessitating the use of lightweight communication protocols. MQTT is a widely used protocol in the IoT domain, but defective security configurations can pose significant risks for the users. In this work, we classify the most commonly used open-source IoT applications that utilize MQTT as their primary communication protocol and evaluate the associated attack scenarios. Our analysis shows that home automation IoT applications have the highest number of exposed devices. In addition, our examination suggests that tracking applications are prone to higher risks as the normalized percentage of exposed devices for this category is 6.85% while only 2.91% of home automation devices are exposed. To tackle these issues, we developed a lightweight, opensource exposure detection system suitable for both computerbased clients and ESP32 microcontrollers. This system warns the users of compromised MQTT broker which enhances the overall security in IoT deployments without any significant overhead.

View More Papers

Sheep's Clothing, Wolf's Data: Detecting Server-Induced Client Vulnerabilities in...

Fangming Gu (Institute of Information Engineering, Chinese Academy of Sciences), Qingli Guo (Institute of Information Engineering, Chinese Academy of Sciences), Jie Lu (Institute of Computing Technology, Chinese Academy of Sciences), Qinghe Xie (Institute of Information Engineering, Chinese Academy of Sciences), Beibei Zhao (Institute of Information Engineering, Chinese Academy of Sciences), Kangjie Lu (University of Minnesota),…

Read More

Reinforcement Unlearning

Dayong Ye (University of Technology Sydney), Tianqing Zhu (City University of Macau), Congcong Zhu (City University of Macau), Derui Wang (CSIRO’s Data61), Kun Gao (University of Technology Sydney), Zewei Shi (CSIRO’s Data61), Sheng Shen (Torrens University Australia), Wanlei Zhou (City University of Macau), Minhui Xue (CSIRO's Data61)

Read More

Passive Inference Attacks on Split Learning via Adversarial Regularization

Xiaochen Zhu (National University of Singapore & Massachusetts Institute of Technology), Xinjian Luo (National University of Singapore & Mohamed bin Zayed University of Artificial Intelligence), Yuncheng Wu (Renmin University of China), Yangfan Jiang (National University of Singapore), Xiaokui Xiao (National University of Singapore), Beng Chin Ooi (National University of Singapore)

Read More