Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Lego windmill project (private)
https://github.com/rundtstykker/application-security---mqtt
- Host: GitHub
- URL: https://github.com/rundtstykker/application-security---mqtt
- Owner: rundtstykker
- Created: 2022-03-03T16:16:21.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-06-24T19:43:32.000Z (over 1 year ago)
- Last Synced: 2024-09-24T19:23:18.017Z (about 2 months ago)
- Language: Python
- Size: 5.86 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# lego MQTT publisher/subscriber
Demonstrates how security vulnerabilities materialize in the kinetic world, especially in the IoT field.

# Application vulnerabilities
Custom-deployed MQTT brokers are often not secured with strong authentication and authorization mechanisms. This is commonly seen at the application layer above LoRa, since LoRa and LoRaWAN networks provide no application-layer security themselves. It is not uncommon to see clear-text MQTT messages carried over LoRa and LoRaWAN networks. In the field, I've seen:

1. no authentication or authorization on the MQTT broker and its topics;
2. no encryption of data in transit with TLS, and no payload encryption (e.g. mcrypt).

You should encrypt MQTT traffic with TLS 1.2. Depending on the processing cycles available on the hardware, this may not always be possible, because a proper TLS (v1.2) implementation requires overhead for generating the certificate and for applying and verifying the validity of certificates and certificate chains.
# Usage

main_run.py runs on the Onion Omega. test_pub.py is the attacker publishing messages to the MQTT broker on the Onion Omega.