Managing privacy
Lack of privacy in MQTT is another big vulnerability. Due to the ability to subscribe using wildcards, you can also subscribe to data you're not supposed to have access to. There is no management of access control built into MQTT. Publishers cannot negotiate with subscribers who should have access to what. There are no identities at all available to clients, regarding other actors in the network.
Privacy is difficult to manage in MQTT. The most common solution to this problem is to use Access Control Lists (ACL) to control who can subscribe to what topics. But these are completely out-of-band, and hence not interoperable between brokers. Solutions depending on ACLs may have serious problems migrating to other types of brokers. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access