Home » » Top IoT standards could be compromised by hackers

Top IoT standards could be compromised by hackers

No comments

New research from security firm Trend Micro has discovered major design flaws and vulnerable implementations related to two popular machine-to-machine (M2M) protocols used in IoT devices, Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (Co2P).

The company's new report, co-branded with Politecnico di Milano, titled The Fragility of Industrial IoT's Data Backbone, sheds light on the growing threat of industrial espionage, denial-of-service and targeted attacks by abusing these protocols.

Over the course of four months, Trend Micro researchers identified over 200m MQTT messages and more than 19m CoAP messages that were leaked by exposed brokers and servers. 

Malicious attackers could locate this leaked production data using simple keyword searches and use it to identify lucrative information on assets, personnel and technology that could be abused to carry out targeted attacks.

IoT security concerns

Trend Micro's Vice President of cybersecurity, Greg Young explained how these protocols represent a massive security risk, saying:

“The issues we’ve uncovered in two of the most pervasive messaging protocols used by IoT devices today should be cause for organisations to take a serious, holistic look at the security of their OT environments. These protocols weren’t designed with security in mind, but are found in an increasingly wide range of mission critical environments and use cases. This represents a major cybersecurity risk. Hackers with even modest resources could exploit these design flaws and vulnerabilities to conduct reconnaissance, lateral movement, covert data theft and denial-of-service attacks.” 

The company's research shows how attackers could remotely control IoT endpoints or deny service by leveraging security issues in the design, implementation and deployment of devices using the MQTT and Co2P protocols.

Additionally, hackers could maintain persistent access to a target to move laterally across a network by abusing specific functionality in these protocols.



from TechRadar - All the latest technology news https://ift.tt/2SrDO1i
Share:

Related Posts:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us