Many hobbyists and professionals use common MQTT brokers and libraries, like “Mosquitto”, in their projects. We asked ourselves: are these implementations “safe”? Is there any security issue we can exploit?
Security is always good. But you need to pay attention to implement it well, otherwise it can be very harmful.
So, you bought your brand new Arduino/Genuino Uno and some nice-but-useless sensor (such as a temperature sensor for your bedroom), and you feel ready to enter the Internet Of Things world.
As this new trend of "Internet of Things" raise up, people and companies are proposing new protocols (at each ISO/OSI level) to manage the local/remote communication between an IoT device and the rest of the network.
Last year I upgraded my solar water panels with some temperature probes, and I scattered NodeMCU in my house (with some DHT22 and DHT11 sensors). At the time I had an old PC that was acting as a server: IoT devices were sending readings to RabbitMQ instance on that server, with a shell script that was bridging between MQTT and RRDTool database.
Of course, for me that was perfect. But I when I tried to share these tools with my family, quickly became clear that I had to make a nice interface. I ended up by sending the chart by Telegram with a bot.
Then, during last month, the old server died. I moved some things to the cloud, and some other things were archived. After some free-time during cleanup (I had two 1TB disks to cleanup...) I landed into Grafana home page. And I decided to give it a try.
Aka: install a safe-mode-access. I was programming my RasPI 3 to be a Wi-Fi AP.