Man-in-the-Middle Attacks on MQTT based IoT networks

“The use of Internet-of-Things (IoT) devices has increased a considerable amount in recent years due to decreasing cost and increasing availability of transistors, semiconductor, and other components. Examples can be found in daily life through smart cities, consumer security cameras, agriculture sensors, and more. However, Cyber Security in these IoT devices are often an afterthought making these devices susceptible to easy attacks. This can be due to multiple factors. An IoT device is often in a smaller form factor and must be affordable to buy in large quantities; as a result, IoT devices have less resources than a typical computer. This includes less processing power, battery power, and random access memory (RAM). This limits the possibilities of traditional security in IoT devices. To help evaluate the state of IoT devices and further enforce them, we present an easy to use program that requires little to no prior knowledge of the target infrastructure. The process is a Man-in-the-Middle (MITM) attack that hijacks packets sent between IoT devices using the popular MQTT protocol. We do this by using a WiFi Pineapple from Hak5, in the device’s raw form, is a WiFi access point with specific offensive capabilities installed as software. We then pass these packets into a custom General Adversarial Network (GAN) that utilizes a Natural Language Processing (NLP) model to generate a malicious message. Once malicious messages are generated, the messages are passed back to the WiFI Pineapple and sent as a legitimate packet among the network. We then look at the efficiency of these malicious messages through different NLP algorithms. In this particular work, we analyze an array of BERT variants and GPT-2”--Abstract, page iv