New research from cybersecurity firm Avast has revealed that cybercriminals could gain access to smart homes through misconfigured Message Queuing Telemetry Transport (MQTT) servers.
The firm found that over 49,000 MQTT servers were publicly visible on the internet as a result of a misconfigured MQTT protocol including 32,000 servers with no password protection, putting them at risk of leaking data.
The MQTT protocol is used to interconnect and control smart home devices via smart home hubs. To implement the MQTT protocol, users set up a server and when done incorrectly, it could leave devices such as smart appliances, locks and even doors, open to attack.
Though the MQTT protocol is secure, severe security issues can arise if MQTT is implemented or configured incorrectly. This would allow cybercriminals the ability to gain complete access to a smart home to learn when the owners are home and even see if smart doors and windows are opened or closed. Under certain conditions, attackers could even track a user's whereabouts which is a serious privacy and security threat.
Security researcher at Avast, Martin Hron provided further insight on the discovery, saying:
“It is frighteningly easy to gain access and control of a person’s smart home, because there are still many poorly secured protocols dating back to bygone technology eras when security was not a top concern. Consumers need to be aware of the security concerns of connecting devices that control intimate parts of their home to services they don’t fully understand and the importance of properly configuring their devices.”
While having a smart home can be convenient, without the right security measures in place, it could become a prime target for cybercriminals.
Image Credit: Pixaline / Pixabay