HANNOVER MESSE 2020, 20 - 24 April
Homepage>Conference program >Machine-to-Machine Protocol Security: The Case of MQTT and CoAP
Industrial Security Forum

Machine-to-Machine Protocol Security: The Case of MQTT and CoAP

Location & Language


English, German

Event Details

Type of event



Digital Factory, Industrie 4.0, Integrated Industry

Event Host

Missed the Event?

So far no information materials were provided for this event. Please contact the organizer directly for further information.


MQTT and CoAP provide data connectivity for practically any kind of "machines". This talk will cover the results of our security analysis of MQTT and CoAP, which uncovered issues in the design specifications, vulnerable product implementations, and hundreds of thousands unsecured, open-to-the-world deployments. Despite the fixes in the design specifications, it is hard for developers to keep up with a changing standard when a technology becomes pervasive. Also, the market of this technology is very wide because the barrier to entry is fairly low. This led to a multitude of fragmented implementations. Our findings have been acknowledged by the vendors, by the MQTT Technical Committee, which released a note to help identify the risks, and received the attention of several other organizations. Using MQTT and CoAP as case study, we will provide recommendations at various levels, in the hope to see a significant reduction in the number of insecure deployments in the future.


  Federico Maggi

Federico Maggi

Senior Researcher, Trend Micro Inc.

With more than a decade of research experience in the cybersecurity field, Federico Maggi is specialized in doing threat and security analysis on virtually any system. Federico has analyzed web applications, ...

Go to profile

Stored items


Server communication error: Item could not be saved.