2020-12-28, 12:00–13:20, Chaos-West TV
An exploration of the data discovered worldwide by probing MQTT endpoints. MQTT is a popular IoT protocol which, due to configuration, oversight or error (or all three), can be found open globally, at times with highly personal data published for all to see. This talk covers the speaker's journey through developing a framework for parsing and exploring large datasets and building data collection and monitoring automation, showcasing the sheer lack of attention given to the protection of such data.
The Message Queuing Telemetry Transport (MQTT) protocol is a standard protocol for Internet of Things implementations. Issues arise when users of products and software utilising MQTT (and IoT generally) are unaware that the data they store might not be as safe as they assume. From single residential IP addresses for a given home automation setup, to cloud services managing IoT products, to public brokers which can be used to aggregate vast quantities of data (popular and free for developers to use in testing), MQTT endpoints beacon data across the globe that can sometimes be as sensitive as live GPS co-ordinates and the personal details of entire families as they go about life. From tracking Teslas to surveying Supermarkets, this talk will cover a two-year journey from first discovering the goldmine of MQTT data, through being able to interact sanely with and search through such large datasets, to the technical difficulties (and moral repugnance) of building data collection automation. Included: MQTT, Python, GeoJSON, Shodan, Censys.
otherwise described as mass surveillance on a shoestring...
pathfinder is a belligerence