Hacking

M2M protocols can be abused to attack IoT and IIoT systems

Security experts from Trend Micro discovered that some machine-to-machine (M2M) protocols can be abused to attack IoT and industrial Internet of Things (IIoT) systems.

According to a study conducted by experts from Trend Micro and the Polytechnic University of Milan. attackers abuse M2M protocols to target IoT and IIoT devices.

The experts analyzed the M2M protocols, the Message Queuing Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP).

The former one is a messaging protocol used to establish communication between a broker and multiple clients, the latter is a UDP client-server protocol that allows communications between nodes.

The experts pointed out that attackers could abuse M2M protocols for target reconnaissance, industrial espionage, targeted attacks, and to make lateral movements.

Researchers monitored both protocols over a period of four months, they the attacker’s role for their research

“For data gathering, we played the role of a casual attacker with modest resources, scanning the internet for exposed MQTT brokers and CoAP hosts. In just nearly four months, such a “casual attacker” was able to collect 209,944,707 MQTT messages obtained from 78,549 brokers and 19,208,047 CoAP responses from 441,964 servers.” reads the research paper.

The analysis of the MQTT protocol revealed the existence of security flaws that could be exploited to trigger DoS condition or execute arbitrary code. Trend Micro reported vulnerabilities to the developers of the affected software that have quickly released patches.

Below a video PoC of the attacks abusing the MQTT protocols:

The researchers did not find security flaws in the  CoAP protocol, but warned that it is susceptible to IP spoofing, attackers could exploit it for DDoS amplification attacks.

“However, the Request for Comments (RFC) defining the protocol, RFC 7252,5 explicitly pinpoints the security issues (mainly due to the “connectionless” nature of UDP), which we confirmed with a practical experiment.” continues the report.

“On a test network with CoAP clients and servers, we launched an amplification attack with increasing payload size and estimated the maximum bandwidth amplification factor (BAF). According to our estimate, CoAP can reach up to 32 times (32x) amplification factor, which is roughly between the amplification power of DNS and SSDP.”

Experts highlighted the risks that malware in the next future could abuse M2M protocols for malicious activity.

“MQTT and CoAP are data protocols playing a fundamental role in M2M communication among consumer and industrial applications. The presence of unsecure MQTT and CoAP deployments shows no improved security awareness since 2017, when this problem was first highlighted for MQTT.” concludes the report.

“Despite the security recommendations being well highlighted in the CoAP RFC, CoAP already suffers from a deployment problem similar to that affecting MQTT. Both MQTT and CoAP have some features that, even in the absence of implementation vulnerabilities, can be abused to the attacker’s advantage. When deploying or using MQTT and CoAP services, the following practical points should be considered.”

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Daniel’s Hosting, dark web)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

6 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

13 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

1 day ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.