Memory Forensic Analysis of MQTT Devices
Anal Shah, Palak Rajdev, Jaidip Kotak

TL;DR
This paper explores forensic analysis techniques for MQTT-based IoT devices, demonstrating how to extract sensitive data from devices running MQTT brokers and clients to improve security investigations.
Contribution
It introduces methods for memory forensic analysis specific to MQTT devices, highlighting how to retrieve sensitive information from their memory.
Findings
Sensitive data can be extracted from MQTT device memory
Memory analysis reveals potential security vulnerabilities
Method enhances forensic capabilities for IoT security
Abstract
The Internet of Things is revolutionizing the current era through its widespread use in fields such as medicine, automation, home security and smart cities. As the use of these IoT devices grows, so do the threats to their security and to their application protocols. Traffic passing over these protocols, if intercepted, could reveal sensitive information and allow an attacker to take control of the entire IoT network. The scope of this paper is limited to the MQTT protocol. MQTT (MQ Telemetry Transport) is a lightweight protocol used for communication between IoT devices. Multiple brokers and clients are available for publishing and subscribing to services. For security purposes, it is essential to secure the traffic, the broker and the end client application. This paper demonstrates the extraction of sensitive data from the devices running the broker and client applications.
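The abstract's point is that a device running an MQTT broker or client holds protocol traffic in memory, and that this memory can be carved for sensitive fields. The following is an added example, not the paper's tooling: a small Python carver that scans a flat memory image for MQTT CONNECT packets, validates the fixed header before trusting a protocol-name hit, and reports the client identifier, username and password the packet carries. It assumes the dump has already been acquired as a byte buffer and uses MQTT 3.1/3.1.1 framing only (MQTT 5 properties are not handled); the sample image, client names and secrets are constructed for the example.

```python
"""Carve MQTT CONNECT packets, and the credentials they carry, from a memory image.
Added example, not the paper's code. Assumes a flat byte buffer (process heap or
device RAM dump) and MQTT 3.1 / 3.1.1 framing; MQTT 5 is not handled."""
import struct

# Length-prefixed protocol name in the CONNECT variable header and the
# protocol-level byte that must follow it (table built for this example).
SIGNATURES = [(b"\x00\x04MQTT", 4), (b"\x00\x06MQIsdp", 3)]
CONNECT_TYPE = 0x10  # fixed header byte: packet type 1 (CONNECT), flags 0


def _decode_remaining_length(buf, pos):
    """Decode the 1..4 byte variable-length integer at buf[pos] -> (value, width) or None."""
    value, mult = 0, 1
    for n in range(4):
        if pos + n >= len(buf):
            return None
        byte = buf[pos + n]
        value += (byte & 0x7F) * mult
        mult *= 128
        if not byte & 0x80:
            return value, n + 1
    return None  # a fifth continuation byte is illegal


def _read_string(buf, pos, end):
    """Read a 2-byte length-prefixed UTF-8 string within [pos, end) -> (text, new_pos) or None."""
    if pos + 2 > end:
        return None
    (n,) = struct.unpack_from(">H", buf, pos)
    if pos + 2 + n > end:
        return None
    return buf[pos + 2:pos + 2 + n].decode("utf-8", "replace"), pos + 2 + n


def _parse_connect(buf, start, body, end, level):
    """Parse variable header + payload; buf[body] is the protocol-level byte."""
    if body + 4 > end or buf[body] != level:
        return None
    flags = buf[body + 1]
    (keepalive,) = struct.unpack_from(">H", buf, body + 2)
    rec = {"offset": start, "protocol_level": level, "keepalive": keepalive,
           "client_id": None, "will_topic": None, "will_message": None,
           "username": None, "password": None}
    # Payload order is fixed by the spec; presence of each field is flag-driven.
    fields = [("client_id", True), ("will_topic", bool(flags & 0x04)),
              ("will_message", bool(flags & 0x04)),
              ("username", bool(flags & 0x80)), ("password", bool(flags & 0x40))]
    pos = body + 4
    for name, present in fields:
        if present:
            got = _read_string(buf, pos, end)
            if got is None:
                return None  # truncated in memory: not a whole packet
            rec[name], pos = got
    return rec


def carve_mqtt_connect(image):
    """Return one record per validated CONNECT packet found in the image, by offset."""
    found = []
    for sig, level in SIGNATURES:
        i = image.find(sig)
        while i != -1:
            # The fixed header (type byte + 1..4 byte remaining length) must
            # sit immediately before the protocol name; try each width.
            for width in range(1, 5):
                start = i - 1 - width
                if start < 0 or image[start] != CONNECT_TYPE:
                    continue
                decoded = _decode_remaining_length(image, start + 1)
                if decoded is None or decoded[1] != width:
                    continue
                end = start + 1 + width + decoded[0]
                if end > len(image):
                    continue
                rec = _parse_connect(image, start, i + len(sig), end, level)
                if rec is not None:
                    found.append(rec)
                    break
            i = image.find(sig, i + len(sig))
    return sorted(found, key=lambda r: r["offset"])


def build_connect(client_id, username=None, password=None, keepalive=60):
    """Encode a minimal MQTT 3.1.1 CONNECT; used only to construct the sample image."""
    def s(b):
        return struct.pack(">H", len(b)) + b
    flags, payload = 0x02, s(client_id)  # Clean Session
    if username is not None:
        flags, payload = flags | 0x80, payload + s(username)
    if password is not None:
        flags, payload = flags | 0x40, payload + s(password)
    body = s(b"MQTT") + bytes([4, flags]) + struct.pack(">H", keepalive) + payload
    rem, enc = len(body), b""
    while True:  # variable-length encoding of the remaining length
        rem, byte = divmod(rem, 128)
        enc += bytes([byte | 0x80 if rem else byte])
        if not rem:
            return bytes([CONNECT_TYPE]) + enc + body


# Constructed "memory image": filler, a CONNECT with credentials, a bare protocol
# name that is not a packet, more filler, and a credential-less CONNECT.
SAMPLE_IMAGE = (bytes(range(256)) * 4
                + build_connect(b"pump-07", b"plant-ops", b"sample-password")
                + b"\xff" * 5 + b"\x00\x04MQTT\x04\x00"
                + bytes(range(255, -1, -1)) * 2
                + build_connect(b"gateway-01") + b"\x00" * 16)

if __name__ == "__main__":
    for r in carve_mqtt_connect(SAMPLE_IMAGE):
        print(f"0x{r['offset']:08x} client={r['client_id']!r} user={r['username']!r} "
              f"password_present={r['password'] is not None}")
```

The fixed-header check matters on a real image: the six-byte protocol name occurs in client and broker binaries as a string constant, so a naive string search produces false hits. For an investigation the password field should be recorded as present rather than printed, and the same offsets can be cross-referenced with the process's heap ranges to attribute a packet to the broker or to a particular client.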
Taxonomy
Topics: Advanced Malware Detection Techniques · IoT and Edge/Fog Computing · Digital and Cyber Forensics
