Top IoT messaging protocols are laughably insecure, Trend Micro research shows

Japanese cybersecurity firm Trend Micro today published a report on the state of IoT security. The company found that two of the leading machine-to-machine (M2M) protocols have inherent design issues, and are frequently deployed in an insecure manner. According to Trend Micro’s report, The Fragility of Industrial IoT’s Data Backbone, the issues lie with two popular M2M protocols — Message Queueing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP). These are frequently used in IoT devices, particularly those found within an industrial context. The report, which was written by researchers Federico Maggi and Rainer Vosseler, states that using simple keyword searches, attackers have been able to locate exposed IoT servers and brokers, and leak over 200 million MQTT messages and 19 million CoAP messages. Attackers can then weaponize these in industrial espionage, denial-of-service attacks, and targeted attacks. Trend Micro was able to find messages relating to agriculture and healthcare. The researchers found 4,310 agriculture-related records from smart farms. Other records contained the precise location of ambulance, and data from monitoring devices attached to patients — along with their email addresses and location information.