
Communication Layer

MITM on MQTT/CoAP

💥 Problem: MQTT and CoAP are lightweight protocols that are often deployed without encryption or authentication. A Man-in-the-Middle (MITM) attacker can intercept or alter traffic between the device and the broker/server.

🧪 Real-World Use Case: A smart lighting system using MQTT over TCP (no TLS) was hacked in a hotel. Attackers spoofed the broker and sent messages to turn off all lights remotely.

🛡️ Mitigation:

  • Always use MQTT over TLS (port 8883) and CoAP over DTLS
  • Use broker/client certificates for mutual authentication
  • Enable server identity verification and certificate pinning
  • Disable anonymous access on MQTT brokers

Replay Attacks Due to Lack of Freshness

💥 Problem: IoT protocols often lack proper timestamping or sequence numbers. An attacker can record legitimate messages and replay them to cause unintended actions.

🧪 Real-World Use Case: A smart lock system accepted the same unlock command repeatedly. An attacker replayed a recorded “unlock” MQTT message to gain unauthorized entry.

🛡️ Mitigation:

  • Add timestamps or message counters to each request
  • Ensure servers/devices track and reject duplicates
  • Implement challenge-response mechanisms for critical commands
  • Use token expiration and freshness validation

Example

```json
{
  "device_id": "lock01",
  "command": "unlock",
  "nonce": "839275abc123",
  "timestamp": "2025-04-01T10:23:00Z"
}
```
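As an added example (not from the original page), the following Python shows the receiver-side freshness check the mitigations above describe, applied to the message format shown: it rejects messages whose timestamp falls outside a clock-skew window and nonces it has already seen. The window sizes, the `FreshnessChecker` name and the sample message are assumptions; it also assumes the transport is already authenticated (mutual TLS, as in the MITM section), because a freshness check alone cannot stop an attacker who can forge new messages.

```python
import json
import time
from datetime import datetime, timezone

# Constructed sample: the unlock message from the page, as it would arrive on the topic.
SAMPLE_MESSAGE = json.dumps({
    "device_id": "lock01",
    "command": "unlock",
    "nonce": "839275abc123",
    "timestamp": "2025-04-01T10:23:00Z",
})
# Unix time matching the sample's timestamp, used to drive the checks deterministically.
SAMPLE_TIME = datetime(2025, 4, 1, 10, 23, 0, tzinfo=timezone.utc).timestamp()

MAX_SKEW_SECONDS = 30           # assumed: accept timestamps at most this far from 'now'
NONCE_RETENTION_SECONDS = 300   # assumed: must exceed 2 * MAX_SKEW_SECONDS so that a
                                # nonce is still remembered for as long as its timestamp
                                # could still pass the skew check


class FreshnessChecker:
    """Per-device replay guard: timestamp window plus a cache of recently seen nonces."""

    def __init__(self):
        self._seen = {}  # nonce -> unix time at which it was first accepted

    def _evict_expired(self, now):
        # Forget nonces whose timestamps could no longer pass the skew check anyway.
        for nonce in [n for n, t in self._seen.items() if now - t > NONCE_RETENTION_SECONDS]:
            del self._seen[nonce]

    def check(self, raw, now=None):
        """Return (accepted, reason). `now` is unix seconds; defaults to the wall clock."""
        now = time.time() if now is None else now
        try:
            msg = json.loads(raw)
            nonce = msg["nonce"]
            ts = datetime.fromisoformat(msg["timestamp"].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError, AttributeError):
            return False, "malformed"
        if abs(ts.timestamp() - now) > MAX_SKEW_SECONDS:
            return False, "stale"          # recorded too long ago (or clock is wrong)
        self._evict_expired(now)
        if nonce in self._seen:
            return False, "replay"         # same nonce inside the live window
        self._seen[nonce] = now
        return True, "ok"
```

A replayed copy of the sample message is rejected as "replay" while its nonce is remembered, and as "stale" once its timestamp has aged past the window.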
Ver 6.0.5
Last change: 2026-02-05