According to sources hundreds of smart homes and businesses in India are at risk of leaking data due to misconfiguration of a protocol used to interconnect and control smart home devices via smart home hubs, warns new research from global cyber security company Avast. Meanwhile the researchers found more than 49,000 Message Queuing Telemetry Transport (MQTT) servers publicly visible on the Internet due to a mis-configured MQTT protocol.
Martin Hron security researcher at Avast said "It is frighteningly easy to gain access and control of a person's smart home, because there are still many poorly secured protocols dating back to bygone technology eras when security was not a top concern". Moreover consumers need to be aware of the security concerns of connecting devices that control intimate parts of their home to services they don't fully understand and the importance of properly configuring their devices.
Furthermore when implementing the MQTT protocol,
users set up a server. In the case of consumers, the server usually lives on a
PC or some mini-computer such as Raspberry Pi, to which devices can connect to
and communicate with. Reports added the MQTT protocol itself is secure, severe
security issues can arise if MQTT is incorrectly implemented and configured. Cyber criminals
could gain complete access to a home to learn when their owners are home,
manipulate entertainment systems, voice assistants and household devices, and
see if smart doors and windows are opened or closed.
