14. June 2021

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

Synopsys Cybersecurity Research Centre (CyRC) has warned organizations of easily triggered denial-of-service (DoS) vulnerabilities in three widely used open-source message brokers: RabbitMQ, EMQ X, and VerneMQ. 

A message broker is a software that enables applications, systems, and services to communicate with each other and exchange information by translating messages between formal messaging protocols. It is responsible for managing IoT devices like smart home hubs and door locks via common protocol: Message Queuing Telemetry Transport (MQTT). 

MQTT, first released in 1999 is responsible for managing oil pipelines and a variety of home and industrial automation tasks. Any disruption in MQTT messaging could potentially leave users locked out of their homes and offices.

“Message brokers can be the nerve center of a complex system. If the message broker isn’t working, then the various components of the system cannot communicate. Whatever services are provided by that system are unavailable until the message broker is restored,” Jonathan Knudsen, the researcher who identified the vulnerabilities, told SecurityWeek.