Zero-day Vulnerability Leaves 100M IoT Devices Exposed

Over 100 million IoT devices across 10,000 enterprises were vulnerable to attacks, thanks to a flaw in a widely used infrastructure code. 

A zero-day vulnerability was found in NanoMQ, an open-source platform from EMQ that monitors IoT devices in real-time. The technology acts as a “message broker” to deliver alerts that atypical activity has been detected. EMQ’s products are used in various IoT applications, including IoMT, IIoT, wearables, and smart cities. 

Researchers from Guardara, a security firm, were able to find this loophole. “Guardara used its technology to detect multiple issues…that caused EMQ’s NanoMQ product to crash during testing,” the company stated. “The existence of these vulnerabilities means that any NanoMQ reliant system could be brought down completely.”

Mitali Rakhit, Guardara’s CEO, said that the vulnerability was given a CVSS score of 7.1, making it high severity.

“How dangerous it is depends on what setting NanoMQ is used in,” Rakhit added.

The bug is caused by an improper restriction of operations within the bounds of a memory buffer (CWE-119).

Zsolt Imre from Guardara explained that the issue was with the MQTT packet length. MQTT is a messaging protocol standard for IoT, designed as an extremely lightweight publish/subscribe messaging transport for connecting remote devices with a small code footprint, requiring minimal network bandwidth. MQTT is used in a wide variety of industries that use low-bandwidth smart sensors, such as automotive, manufacturing, telecommunications, oil and gas, and others.

In NanoMQ’s implementation, “when the MQTT packet length is tampered with and is lower than expected, a ‘memcpy’ operation receives a size value that makes the source buffer location point to or into an unallocated memory area,” Imre wrote. “As a result, NanoMQ crashes.”

All an attacker would need to exploit the vulnerability and crash the system are basic networking and scripting skills. These kinds of denial-of-service attacks can be extremely dangerous as they affect the availability of mission-critical equipment.

According to Guardara, the bug could potentially put millions of lives and property at risk. “The technology within NanoMQ is used for collecting real-time data from common devices including smartwatches, car sensors, and fire-detection sensors. Message brokers are used to monitor health parameters via sensors for patients leaving hospital, or motion detection sensors to prevent theft.”

NanoMQ device users should check with their vendors for an update to device firmware.

IoT devices have become an essential part of our everyday lives–and bad actors are setting their sights on this arena. Security firms must work double-time to ensure that devices are protected, to keep enterprises and consumers safe.

IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.