Seyed Ali Ghazi Asgar, Narasimha Reddy (Texas A&M University)

The Internet of Things (IoT) is experiencing exponential growth, with projections estimating over 29 billion devices by 2027. These devices often have limited resources, necessitating the use of lightweight communication protocols. MQTT is a widely used protocol in the IoT domain, but defective security configurations can pose significant risks for the users. In this work, we classify the most commonly used open-source IoT applications that utilize MQTT as their primary communication protocol and evaluate the associated attack scenarios. Our analysis shows that home automation IoT applications have the highest number of exposed devices. In addition, our examination suggests that tracking applications are prone to higher risks as the normalized percentage of exposed devices for this category is 6.85% while only 2.91% of home automation devices are exposed. To tackle these issues, we developed a lightweight, opensource exposure detection system suitable for both computerbased clients and ESP32 microcontrollers. This system warns the users of compromised MQTT broker which enhances the overall security in IoT deployments without any significant overhead.

View More Papers

Welcome to Jurassic Park: A Comprehensive Study of Security...

Abdullah AlHamdan (CISPA Helmholtz Center for Information Security), Cristian-Alexandru Staicu (CISPA Helmholtz Center for Information Security)

Read More

Mixnets on a Tightrope: Quantifying the Leakage of Mix...

Sebastian Meiser, Debajyoti Das, Moritz Kirschte, Esfandiar Mohammadi, Aniket Kate

Read More

SketchFeature: High-Quality Per-Flow Feature Extractor Towards Security-Aware Data Plane

Sian Kim (Ewha Womans University), Seyed Mohammad Mehdi Mirnajafizadeh (Wayne State University), Bara Kim (Korea University), Rhongho Jang (Wayne State University), DaeHun Nyang (Ewha Womans University)

Read More

Keynote talk by Prof. Gene Tsudik (University of California,...

Dr. Gene Tsudik, Distinguished Professor of Computer Science, University of California, Irvine

Read More