Avast: Tens of thousands of IoT devices are vulnerable to hacking

The Czech security company Avast recently released a report saying that nearly 50,000 MQTT servers are exposed to the public internet due to misconfiguration.

MQTT, short for Message Queuing Telemetry Transport, is a communication protocol commonly used in smart homes to control IoT devices in the home environment.

Most of these MQTT servers are built using personal computers or Raspberry Pi devices, and it is easy to create a home hub device using open source software.

The security company said that the MQTT protocol itself is secure. The main problem lies with users: they make configuration errors, or never set a connection password at all.

[Figure: distribution map of MQTT servers with security risks]

After scanning for these at-risk MQTT servers, hackers can use them to control the home garage door or smart voice devices in the home.

Among them, 12,000 MQTT servers in China are exposed to the public network due to configuration errors, and hackers can connect remotely and look for potential vulnerabilities.

More striking still, 8,446 MQTT servers in China have no password at all, which means that anyone who finds the IP address by scanning can easily connect.

These MQTT servers are usually built with free open source software. So many servers may lack a password because their users are novices.

A novice user follows an online tutorial to set up the server step by step, but may not read the security prompts carefully, and so ends up with no password set.
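A configuration audit for the missing-password problem described above, as an added example that is not from Avast's report. It assumes the broker is Mosquitto (the page names no specific software) and checks only the global `allow_anonymous`, `password_file` and `listener` directives; both sample configs and the password file path are constructed.

```python
import ipaddress

def is_loopback(addr):
    """True if addr is a loopback IP literal or the name 'localhost'."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"

def audit_mqtt_config(text):
    """Return findings for a mosquitto.conf-style config (global settings only)."""
    anonymous = False            # explicit "allow_anonymous true" seen
    has_password_file = False    # other auth methods (plugins, PSK) are not checked
    exposed_ports = []           # listeners reachable beyond loopback
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, *args = line.split()
        if key == "allow_anonymous" and args:
            anonymous = args[0].lower() == "true"
        elif key == "password_file" and args:
            has_password_file = True
        elif key == "listener" and args:
            # "listener <port> [bind address]"; no address means all interfaces
            addr = args[1] if len(args) > 1 else "0.0.0.0"
            if not is_loopback(addr):
                exposed_ports.append(args[0])
    findings = ["anonymous-access"] if anonymous else []
    for port in exposed_ports:
        if anonymous or not has_password_file:
            findings.append(f"exposed-unauthenticated:{port}")
    return findings

# Constructed sample: the kind of setup a quick tutorial leaves behind.
WEAK_CONF = """
listener 1883
allow_anonymous true
"""

# Constructed sample: loopback-only plain listener, password required elsewhere.
HARDENED_CONF = """
listener 1883 127.0.0.1
listener 8883
allow_anonymous false
password_file /etc/mosquitto/passwd
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mqtt_config(conf))
```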

Source, Image: Avast