Internet-of-Things (IoT) devices, ranging from smart home assistants to health devices, are pervasive: Forecasts estimate their number to reach 29 billion by 2030. Understanding the security of their machine-to-machine communication is crucial. Prior work focused on identifying devices' vulnerabilities or proposed protocol-specific solutions. Instead, we investigate the security of backends speaking IoT protocols, that is, the backbone of the IoT ecosystem. We focus on three real-world protocols for our large-scale analysis: MQTT, CoAP, and XMPP. We gather a dataset of over 337,000 backends, augment it with geographical and provider data, and perform non-invasive active measurements to investigate three major security threats: information leakage, weak authentication, and denial of service. Our results provide quantitative evidence of a problematic immaturity in the IoT ecosystem. Among other issues, we find that 9.44% backends expose information, 30.38% CoAP-speaking backends are vulnerable to denial of service attacks, and 99.84% of MQTT- and XMPP-speaking backends use insecure transport protocols (only 0.16% adopt TLS, of which 70.93% adopt a vulnerable version).

翻译：物联网设备——从智能家居助手到健康监测设备——已无处不在：预测显示到2030年其数量将达到290亿台。理解其机器间通信的安全性至关重要。先前研究主要关注识别设备漏洞或提出协议特定解决方案。与之不同，本研究聚焦于支持物联网协议的后端安全，即物联网生态系统的核心支柱。我们选取三种真实世界协议进行大规模分析：MQTT、CoAP和XMPP。我们收集了超过337,000个后端的数据集，并补充地理与供应商信息，通过非侵入式主动测量方法探究三大安全威胁：信息泄露、弱认证和拒绝服务。研究结果为物联网生态系统存在的不成熟问题提供了量化证据。主要发现包括：9.44%的后端存在信息暴露；30.38%的CoAP协议后端易受拒绝服务攻击；99.84%的MQTT与XMPP协议后端使用不安全传输协议（仅0.16%采用TLS，其中70.93%采用存在漏洞的版本）。