Large-Scale Security Analysis of Real-World Backend Deployments Speaking IoT-Focused Protocols
Carlotta Tagliaro, Martina Komsic, Andrea Continella, Kevin Borgolte, Martina Lindorfer

TL;DR
This large-scale study analyzes the security of IoT backend protocols, revealing widespread vulnerabilities such as information leaks, weak authentication, and insecure transport use across millions of deployed systems.
Contribution
It provides the first extensive analysis of real-world IoT backend security, focusing on MQTT, CoAP, and XMPP protocols at scale.
Findings
9.44% of backends expose information
30.38% of CoAP backends vulnerable to DoS
99.84% use insecure transport protocols
Abstract
Internet-of-Things (IoT) devices, ranging from smart home assistants to health devices, are pervasive: Forecasts estimate their number to reach 29 billion by 2030. Understanding the security of their machine-to-machine communication is crucial. Prior work focused on identifying devices' vulnerabilities or proposed protocol-specific solutions. Instead, we investigate the security of backends speaking IoT protocols, that is, the backbone of the IoT ecosystem. We focus on three real-world protocols for our large-scale analysis: MQTT, CoAP, and XMPP. We gather a dataset of over 337,000 backends, augment it with geographical and provider data, and perform non-invasive active measurements to investigate three major security threats: information leakage, weak authentication, and denial of service. Our results provide quantitative evidence of a problematic immaturity in the IoT ecosystem.…
Taxonomy
Topics: Network Security and Intrusion Detection · Advanced Malware Detection Techniques · IoT and Edge/Fog Computing
