First connection of our IOT thing to our MQTT server. Security


 


Acabamos de realizar la primera conexión de nuestro dispositivo (Thing/IOT) basado en el micro-controlador ESP32 usando el protocolo MQTT a nuestro broker MQTT.

Usando un tipo de conexión TCP (el mas simple) hemos podido comprobar como no hay nada de seguridad. 

Desde IOT-Malaga la seguridad va a ser siempre lo primero, y siempre vamos a comprobar que todas las conexiones y trafico sean cifrados. Analizando el trafico a nivel de paquetes con tcpdump y wireshark.

Interesante ver como podemos ver todos los detalles del protocolo MQTT en wireshark... y el usuario y contraseña. Este ejercicio se ha realizado para comprobar lo importante que es la seguridad en los IOT.







We have just done our first connection of our device/thing/IOT (based on micro-controller ESP32) using MQTT protocol, and connected to our own MQTT server.

Using type of connection TCP (with no TLS), then we have checked that there is nothing of security.

From IOT-Malaga security is going to be always the first term to have into accout. We will design our projects to be always secure.

Just for checking and training purposes qe have analyzed the traffic (network packets) tcpdump and wireshark.

Very interesting to see how we can see all the details of the MQTT protocol in wireshark..

we can also see the user, password, etc

This exercise has been only done to check how important is the security in IOT.








Comentarios

Publicar un comentario

Entradas populares de este blog

gr-gsm GSM traffic in wireshark!!! IMSI catcher

Imagen
 gr-gsm is a powerful library that in conjuntion with any GSM receptor, give lot of utilities for playing. Below the link for the utilities: GitHub - ptrkrysik/gr-gsm: Gnuradio blocks and tools for receiving GSM transmissions Today, in some minutes, we have been able to scan: grgsm_scan and locate a connected gsm device. You can note the frequence, and then in a second command you can type: grgsm_livemon  -f 927.8M That will show in console the different GSM packets received, Finally in a third window you can filter into wireshark to execute with the filter gsmtap. wireshark -k -Y '!icmp && gsmtap' -i lo We got very surprise to be able to get GSM traffic in the wireshark, ready to be analysed. We have been reading different times about the imsi catcher. Today we have been able to check how easy is to capture IMSIs, in 5 seconds, we have capture lot of imsi of different persons. No need to say this is just for learning purposes. Note, all instructions are in the in...
Leer más

Yes, our linux board is able to send APDUs to the UICC

Imagen
 YES!! AT+CSIM commands are working fine. Our linux board is able to send APDUS to the simcard with success. Below commands to read standard file ICC. Until here is the work I can publish. Complex communications with javacard applets falls inside the intelectual property of my company and I cannot publish. This will be published in internal company confluence pages. We have also been able to send text sms, but that is easy peasy :)
Leer más