When modern IoT gadgets rely on technology from the 1990s, it is unsurprising that security becomes a problem.
The emergence of connected Internet of Things (IoT) devices may have made home lives more interconnected, smart, and efficient -- in some cases -- but it has also caused a security minefield full of holes and exploits.
We only need to think back to the Mirai botnet, in which hundreds of thousands of IoT and mobile gadgets were enslaved to a botnet of such size that it managed to briefly knock out connectivity for an entire country.
The botnet was comprised of IoT devices using default credentials which are easy to brute-force. Since then, Mirai-style botnet copycats have emerged to target online services. In one recent case, a threat actor was able to build a botnet based on vulnerable IoT devices 18,000-strong in only 24 hours.
If lax security protocols are in place, anything from a smart lighting setup to security cameras can not only be compromised by threat actors, but used against their owners. Now, it seems the Message Queuing Telemetry Transport (MQTT) protocol, which is used to control smart home devices, is now causing a fresh security headache.
According to security researchers from Avast, MQTT is making its way into our homes and businesses as a means of controlling the vast array of IoT devices at our disposal. However, the cybersecurity firm says that the protocol, which requires a server or mini PC like the Raspberry Pi, is exposing IoT devices to attack.