TransWikia.com

What simple security tests can I perform on my MQTT network?

Internet of Things Asked by Bence Kaulics on January 10, 2021

I am about to set up an MQTT network at home. I want to build up some knowledge by practical exercises. It would be a small network with the broker hosted on my laptop (Windows 7) and some Raspberry Pi powered clients. Also I am thinking about making a client on my phone (Android).

My goal is to have a simple network on which I can experiment and I want to perform some security testing, experimenting first.

I have found an MQTT Server Test Suite which is designed to act as a malicious MQTT client. It is pretty promising to start with.

Test tool general features

  • Fully automated black-box negative testing
  • Ready-made test cases
  • Written in Java(tm)
  • GUI, command line, remote interface modes
  • Instrumentation (health-check) capability
  • Support and maintenance
  • Comprehensive user documentation
  • Results reporting and analysis

I am also interested in some more simple practices I can use to verify MQTT security features. What are the simplest ways for a beginner to perform some basic security verification on an MQTT network?

2 Answers

Some ideas - I've not covered all combinations of with/without username/TLS, hopefully you can see where they are missing.

Can a client connect anonymously, no TLS?

mosquitto_sub -t test/topic -h <broker address>

Can a client connect if it provides a username but no password, no TLS?

mosquitto_sub -t test/topic -u <username> -h <broker address>

Can a client connect if it provides a username and a password (correct or not), no TLS?

mosquitto_sub -t test/topic -u <username> -P <password> -h <broker address>

Can a client subscribe to the $SYS topic and see information about the broker?

mosquitto_sub -t '$SYS/#' -v -h <broker address>

Can a client connect using TLS?

mosquitto_sub -t test/topic -h <broker address> -p 8883 --capath /etc/ssl/certs

Can a client subscribe to all topics? What does it see?

mosquitto_sub -t '#' -v -h <broker address>

Repeat all the above when publishing as well.

Correct answer by ralight on January 10, 2021

Maybe stating the obvious, but I think it's important to emphasise that a beginner can't expect to build a secure network. Nothing wrong with learning though.

It looks like the primary security in MQTT is implemented at the transport layer, so that should be your focus for real security.

I'd be surprised if any automated test suite would be able to replicate the ability of an expert to find holes in your protocol implementation.

Answered by Sean Houlihane on January 10, 2021
