Carlotta Tagliaro, Martina Komsic, Andrea Continella, Kevin Borgolte, Martina Lindorfer
Abstract: Internet-of-Things (IoT) devices, ranging from smart home assistants to health devices, are pervasive: Forecasts estimate their number to reach 29 billion by 2030. Understanding the security of their machine-to-machine communication is crucial. Prior work focused on identifying devices' vulnerabilities or proposed protocol-specific solutions. Instead, we investigate the security of backends speaking IoT protocols, that is, the backbone of the IoT ecosystem.
We focus on three real-world protocols for our large-scale analysis: MQTT, CoAP, and XMPP. We gather a dataset of over 337,000 backends, augment it with geographical and provider data, and perform non-invasive active measurements to investigate three major security threats: information leakage, weak authentication, and denial of service. Our results provide quantitative evidence of a problematic immaturity in the IoT ecosystem. Among other issues, we find that 9.44% backends expose information, 30.38% CoAP-speaking backends are vulnerable to denial of service attacks, and 99.84% of MQTT- and XMPP-speaking backends use insecure transport protocols (only 0.16% adopt TLS, of which 70.93% adopt a vulnerable version).
What problem does this paper attempt to address?
This paper addresses the security of Internet of Things (IoT) back-end servers, specifically the back-ends that communicate over IoT protocols. It focuses on three main issues:
1. **Information leakage**:
- IoT back-ends may expose different types of information, including software information (such as library versions) and the content of exchanged messages. In the worst-case scenario, an unprotected MQTT broker may leak data from medical devices (such as insulin pumps) as well as patients' personally identifiable information (PII). Attackers can use this information to gain further access or to launch attacks against specific individuals.
2. **Weak authentication mechanisms**:
- Weak authentication mechanisms are a known problem in the IoT. Because IoT devices have limited resources, implementing security features is costly, and developers often rely on "security-by-obscurity", that is, on the assumption that device firmware is difficult to reverse-engineer. Even when best practices (such as TLS) are adopted, they are often improperly implemented. Attackers can gain full control of the system by bypassing authentication, and then access sensitive data, send malicious messages, or spread false data.
3. **Denial-of-service (DoS) attacks**:
- DoS attacks fall into two cases: attackers can target the IoT back-end or the IoT device itself. In the former case, attackers can prevent communication between clients by crashing the back-end; in the latter, the client may become unresponsive or crash and be unable to perform its tasks. Considering the critical nature of some IoT deployments (such as power plants), such attacks may lead to power outages in a geographical area. Moreover, when a back-end's response is larger than the request, the back-end can serve as an amplification reflector for distributed DoS (DDoS) attacks. For resource-limited IoT devices, even a moderate amplification factor may overwhelm them. If the victim device is a medical device (such as an insulin pump), a DoS attack may pose a serious threat to its users' lives.
### Research methods
To evaluate the security of IoT back-ends, the authors conducted a large-scale security analysis, focusing on three commonly used IoT protocols: MQTT, CoAP, and XMPP. They collected a large-scale data set containing more than 337,000 back-ends and carried out non-invasive active measurements to investigate three major security threats: information leakage, weak authentication, and denial-of-service attacks. The research results provide quantitative evidence indicating that the IoT ecosystem has a serious immaturity problem. For example, 9.44% of the back-ends exposed information, 30.38% of the CoAP back-ends are vulnerable to DoS attacks, and 99.84% of the MQTT and XMPP back-ends use insecure transport protocols (only 0.16% adopted TLS, of which 70.93% used vulnerable TLS versions).
### Main contributions
1. **Data set construction**: Collected 337,464 back-ends using MQTT, CoAP, or XMPP protocols and recorded 10.6 GB of network traffic.
2. **Security evaluation**: Conducted a large-scale evaluation of the security and privacy status of back-ends, studied misconfigurations and vulnerabilities, and discovered key security issues such as weak authentication and potential amplification attack risks.
3. **TLS usage analysis**: Studied the adoption of TLS, analyzed the insecure versions and encryption methods used, as well as expired certificates.
4. **Vulnerability disclosure and repair support**: Reported the discovered problems to back-end operators through the coordinated vulnerability disclosure (CVD) process and provided guidance to support repair work.
5. **Longitudinal analysis**: Repeated analysis shows that, despite improvements and disclosures, the security of some back-ends has become worse over time and is affected by more vulnerabilities.
Through these contributions, this paper provides important insights and data support for understanding and improving the security of IoT back-ends.