Due to the tremendous growth of Internet of Things (IoT) applications - e.g. smart homes, smart grids, smart factories – and the emerging integration into industrial systems, the cyber threat landscape for IoT and IIoT applications is rapidly evolving. Security by Design principles are still widely neglected in the design of IoT devices and protocols. For consumer IoT, the privacy of the applicant can be compromised when devices are inappropriately secured. With regard to Industrial IoT, the usage of insecure IIoT protocols such as MQTT can have a severe impact on the industrial environment such as failure or impairment of production systems. We evaluate the prevalence of exposed IoT and IIoT devices related to the protocol MQTT by means of the search engine Shodan. The approach, design and results of our analysis are summarized in this paper.
Read full abstract