In this presentation, we report the first systematic study on the protection that leading commercial IoT clouds (e.g., AWS IoT Core, IBM Watson IoT, Azure IoT, Google Cloud IoT, Alibaba IoT, Tuya Smart) put in place for integrating MQTT to device-user communication. We found that in the absence of rigorous security analysis, these platforms' security additions (e.g., authentication, authorization, session management, etc.) to the protocol are all vulnerable, allowing the adversary to gain control of the device, launch a large-scale denial-of-service attack, steal the victim's secret data and fake the victim's device status for deception.

By Yan Jia, Luyi Xing and Yuqing Zhang

Full Abstract & Presentation Materials: https://www.blackhat.com/eu-19/briefi...