Security Analysis of a Communication Protocol: MQTT
Ricardo Venâncio, Clarisse Sousa, Filipe Duarte, Luís Ribeiro

TL;DR
This paper evaluates MQTT protocol security in IoT, identifying vulnerabilities like eavesdropping and DoS, and proposes mitigation strategies based on theoretical review and experimental testing.
Contribution
It provides a comprehensive security analysis of MQTT, highlighting critical risks and suggesting practical improvements for IoT applications.
Findings
Critical risks due to lack of encryption and authentication
Successful demonstration of eavesdropping and DoS attacks
Proposed mitigation strategies enhance MQTT security
Abstract
This paper analyzes the security of the Message Queuing Telemetry Transport (MQTT) protocol in the context of the Internet of Things (IoT). The main objective is to identify vulnerabilities and propose security improvements. Adopting a hybrid methodology, a theoretical review was combined with an experimental demonstration in a simulated Smart Home environment. Eavesdropping, Tampering, Denial of Service (DoS), and Brute Force attacks were executed and analyzed. The results revealed critical risks due to the absence of robust encryption and authentication. Finally, mitigation strategies and best practices are proposed to strengthen MQTT implementations.
