The use of publicly accessible MQTT brokers is prevalent across numerous verticals and technology fields. I was able to identify systems related to energy production, hospitality, finance, healthcare, pharmaceutical manufacturing, building management, surveillance, workplace safety, vehicle fleet management, shipping, construction, natural resource management, agriculture, smart homes and far more.
Hackers have been sounding alarms about this for years, but the message has not reached many parts of the Internet. Many of these systems are clearly involved in high-power and potentially dangerous operations, and I think it is a safe bet that miitaries have been probing these systems for years and have likely found many soft spots which could be used for battle.
Over the past year, I have spent a bit of time analyzing exposed MQTT brokers on the Internet. In this post, I will outline some of these findings including examples of data disclosures I was able to identify as well as others I could not. For a brief recap of MQTT, check out my post about a connected lock.