Attackers can remotely control Internet of Things (IoT) endpoints or deny service by leveraging security issues in the design, implementation and deployment of devices using these protocols, say security experts
Cybersecurity solutions provider Trend Micro has discovered major design flaws and vulnerable implementations related to two popular machine-to-machine (M2M) protocols used in IoT devices, Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (Co2P).
MQTT is a communication protocol widely used in both IoT and IIoT deployments. It is a publish-subscribe protocol that facilitates one-to-many communication mediated by brokers. CoAP is a client-server protocol that, unlike MQTT, is not yet standardized. With CoAP, a client node can command another node by sending a CoAP packet.
Growing threats identified
In its new report, the company highlighted the growing threat of industrial espionage, denial-of-service and targeted attacks by abusing these protocols.
Within four months period, Trend Micro researchers were able to identify over 200 million MQTT messages and more than 19milion CoAP messages that were leaked by exposed brokers and servers.
According to the researchers, malicious attackers could locate this leaked production data using simple keyword searches. They use this data to identify lucrative information on assets, personnel and technology that can be abused for targeted attacks, the researchers said.
How these protocols represent a massive security risk
Greg Young, Vice President of cybersecurity for Trend Micro, has warned organizations to revisit their operational technology (OT) security.
He said, “These protocols weren’t designed with security in mind, but are found in an increasingly wide range of mission critical environments and use cases. This represents a major cybersecurity risk. Hackers with even modest resources could exploit these design flaws and vulnerabilities to conduct reconnaissance, lateral movement, covert data theft and denial-of-service attacks.”
The researchers further revealed that attackers could remotely control IoT endpoints or deny service by leveraging security issues in the design, implementation and deployment of devices using these protocols.
Not just this, but hackers could maintain persistent access to a target to move laterally across a network by abusing specific functionality in these protocols.
How to stay safe
To mitigate the risks highlighted in the research, Trend Micro encourages organizations to:
- Implement proper policies to remove unnecessary M2M services
- Run periodic checks using internet-wide scanning services to ensure sensitive data is not leaking through public IoT services
- Implement a vulnerability management workflow or other means to secure the supply chain
- Stay up to date with industry standards as this technology is evolving rapidly
