Security experts are warning of another major smart home security threat after revealing that as many as 32,000 businesses and homes have failed to protect systems exposed via the internet.
The issue resides in the lightweight Message Queuing Telemetry Transport (MQTT) protocol, favored in IoT networks to transfer data between machines.
When implementing it at home, users are required to set-up a server, usually on a PC or mini-computer like a Raspberry Pi, that the devices can communicate with.
Unfortunately, security vendor
Avast found 49,000 such MQTT servers publicly visible on the internet via a simple Shodan search, with 32,000 featuring no password protection. This global figure might seem rather low, but the vendor clarified to
Infosecurity that the protocol is used mainly by more "advanced tech users."
This could be creating cybersecurity, privacy and even physical security risks for users, according to Avast researcher, Martin Hron.