Skip to content

MQTT Broker Credentials

Service Name: MQTT (Message Queuing Telemetry Transport)

Service Description: MQTT is a lightweight, publish-subscribe network protocol that transports messages between devices. It is designed for connections with remote locations where a small code footprint is required, or network bandwidth is limited.

Service Address: Varies by MQTT broker implementation (common examples include HiveMQ, Mosquitto, AWS IoT Core MQTT broker, Azure IoT Hub)

Validation Type: API Auth

IP Allow list: IP restrictions can be configured at the broker level through access control lists (ACLs) or firewall rules depending on the MQTT broker implementation.

Secret Access Scope: Grants access to publish and subscribe to topics on the MQTT broker, potentially allowing message interception or injection across IoT devices and applications.

Secret Revokement URL: Varies by MQTT broker implementation. Typically managed through the broker's admin interface.

Secret Example: MQTT Broker Credentials Username: mqttuser Password: Tr@ff1cL1ght$2023

Suspicious Activity Investigation Instructions:

  • Review broker connection logs for unusual client IDs or connection patterns
  • Monitor for unexpected topic subscriptions or publications
  • Check for abnormal message volumes or frequencies
  • Examine payload contents for malicious data
  • Look for connections from unexpected geographic locations or IP addresses

Mitigation Instructions:

  • Immediately change the compromised MQTT broker credentials
  • Implement or update ACLs to restrict topic access
  • Enable TLS/SSL for all MQTT connections if not already in use
  • Consider implementing client certificate authentication instead of username/password
  • Review and update broker logging and monitoring configurations
  • Audit all connected clients and revoke unauthorized connections
  • Implement message payload validation to prevent injection attacks