Hack the Planet with MQTT
Abstract
Imagine a network protocol that connects mobile phones, cars, medical devices, power plants, prison gates and even particle accelerators to the internet. Imagine if online services relying on this protocol continued to increase rapidly every year. And now imagine if this protocol was made with inherent security weaknesses that allowed even those with limited technical ability to view sensitive information and, in some cases, even remotely control these devices. Meet MQTT, or Message Queuing Telemetry Transport.

This talk will explore the wild world of MQTT, starting with what MQTT is and how it works. From here we will delve into how to discover internet-connected MQTT brokers and then how to exploit IoT devices reliant on these brokers. This talk will show data collected from real MQTT brokers in the wild and demonstrate the scenarios attackers could use when exploiting them. So strap yourself in and get ready to hack the planet with MQTT.

Speaker Bio: Steph is a pentester for Shearwater Solutions/CyberCX with a background in Threat Hunting and Digital Forensics. Obsessed with all things security, Steph conducts her own security research and sometimes lets curiosity get the better of her.