According to Trend Micro, the two most popular IoT protocols are riddled with vulnerabilities that are being exploited in multiple organizations' environments, causing data breaches, DDoS and targeted attacks.
The vulnerabilities affect the two most widely used machine-to-machine (M2M) IoT protocols, MQTT (Message Queuing Telemetry Transport) and CoAP (Constrained Application Protocol).
The lack of built-in security by default in these protocols exposed more than 219 million messages worldwide within the four-month research period.
The report clearly describes how these security flaws help hackers get at private messages, sensitive information, credentials, and confidential industry data.
Security issues in the protocols' implementation, deployment and design can allow an attacker to make the protocol malfunction in order to gain persistent access and move laterally across the network.
Arbitrary code can be executed on a vulnerable device that implements an MQTT client, according to CVE-2018-17614.
Data transported over the telemetry protocol can also be “poisoned” to achieve the desired operations.
It is also said by customers that the MQTT protocol is used in Facebook Messenger.
Likewise, Bizbox Alpha Mobile lost 55,475 messages, of which 1800 were emails, in the last four months just because it used the MQTT protocol for message transmission.
The report warned that, as MQTT and CoAP become more popular day by day, they can be used not only for DDoS but also for C&C and data exfiltration.
Trend Micro suggested that security teams should remove unnecessary M2M services, check whether any data leakage is happening in public IoT services, implement a proper vulnerability management model, and stay up to date with the latest updates.
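The MQTT CONNECT packet makes the username and password optional, which is the lack of built-in security described above. As an added example (not from the Trend Micro report or this post), the Python below parses an MQTT 3.1/3.1.1 CONNECT packet and lists the authentication weaknesses a security team could flag when reviewing traffic to its own broker; the function names and the sample packets are constructed for illustration.

```python
def read_field(buf: bytes, pos: int):
    """Read one 2-byte-length-prefixed MQTT field; return (value, next_pos)."""
    size = int.from_bytes(buf[pos:pos + 2], "big")
    end = pos + 2 + size
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def remaining_length(buf: bytes, pos: int = 1):
    """Decode the 1-4 byte variable-length 'remaining length' header."""
    value = 0
    for i, byte in enumerate(buf[pos:pos + 4]):
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, pos + i + 1
    raise ValueError("malformed remaining length")

def audit_connect(packet: bytes, over_tls: bool) -> dict:
    """Parse an MQTT 3.1/3.1.1 CONNECT and list its authentication weaknesses."""
    if not packet or packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    size, start = remaining_length(packet)
    body = packet[start:start + size]
    if len(body) != size:
        raise ValueError("truncated packet")
    _proto, pos = read_field(body, 0)             # protocol name, e.g. "MQTT"
    if pos + 4 > len(body) or body[pos] not in (3, 4):
        raise ValueError("truncated header or protocol level not 3.1/3.1.1")
    flags = body[pos + 1]                         # connect flags byte
    client_id, pos = read_field(body, pos + 4)    # skip level, flags, keep-alive
    if flags & 0x04:                              # will topic and will message
        _, pos = read_field(body, pos)
        _, pos = read_field(body, pos)
    username = None
    if flags & 0x80:                              # username flag
        username, pos = read_field(body, pos)
    findings = []
    if username is None:
        findings.append("anonymous connection")
    elif not flags & 0x40:                        # password flag
        findings.append("username without password")
    if not over_tls:
        findings.append("cleartext transport")
    name = username.decode("utf-8", "replace") if username is not None else None
    return {"client_id": client_id.decode("utf-8", "replace"),
            "username": name, "findings": findings}

# Constructed sample packets (not captured traffic).
ANON = b"\x10\x13\x00\x04MQTT\x04\x02\x00\x3c\x00\x07sensor1"
AUTH = b"\x10\x1c\x00\x04MQTT\x04\xc2\x00\x3c\x00\x07sensor1\x00\x03dev\x00\x02pw"
```

MQTT 5 adds a properties block after the keep-alive field, so this parser rejects protocol level 5 rather than misreading it.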
Reference: www.infosecurity-magazine.com
Keep sharing this kind of worthy information. I really enjoyed reading your article.
Thanks buddy. I will try to bring some more. Meanwhile, you can read my latest article on Threat Intelligence. I hope you will like it. And please share my posts as well.
Great Article