Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study

Leonardo De La Cadena; Johnny Loachamin; Diego Gamboa; Graciela Guerrero; Santiago Quishpe; Esteven Nacimba

doi:10.1007/978-3-032-11494-5_15

Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study

Leonardo De La Cadena
, Johnny Loachamin
, Diego Gamboa^*
, Graciela Guerrero
, Santiago Quishpe
, Esteven Nacimba

^*Autor correspondiente de este trabajo

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución de conferencia › revisión exhaustiva

Resumen

In today’s world, all household devices are connected to the Internet. Although this offers numerous benefits, it also introduces new risks that must be addressed and mitigated. Although the vulnerability of MQTT to MitM attacks and the effectiveness of TLS as a mitigation are well-established principles, there is a gap in practical, reproducible demonstrations that highlight the ease of exploitation and the absolute effectiveness of mitigation in a controlled IoT context. For this reason, an experiment was conducted within a virtual environment, executing a Man-in-the-Middle (MitM) attack using spoofing techniques to capture MQTT packets and alter the messages transmitted across an IoT device network. Using the Polymorph tool in Kali Linux, it was possible to modify the messages exchanged between two virtual machines communicating via a Mosquitto server. Due to the absence of security measures in Mosquitto’s message transmission, a security mechanism was implemented to mitigate the described attack. Therefore, TLS and SSL message encryption techniques were tested. When attempting the attack again after implementing TLS for message transmission, it was observed that no MQTT packet network traffic was generated, effectively disabling the MitM attack. This shows that executing a MitM attack on IoT devices can compromise environments using such technologies, potentially enabling cyberphysical attacks and endangering human lives. Hence, it is crucial to promote the proper implementation of message encryption techniques, such as TLS, within IoT communication networks.

Idioma original	Inglés
Título de la publicación alojada	Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings
Editores	Rafael Valencia-Garcia, Patricio Alvarez-Muñoz, Juan Tarquino Calderon, Vanessa Vergara-Lozano, Laura Ortega-Ponce, Ana Lucía Pico-Aguilar, Benjamín Marcelo Vásconez-García
Editorial	Springer Science and Business Media Deutschland GmbH
Páginas	225-239
Número de páginas	15
ISBN (versión impresa)	9783032114938
DOI	https://doi.org/10.1007/978-3-032-11494-5_15
Estado	Publicada - 2026
Publicado de forma externa	Sí
Evento	11th International Conference on Technologies and Innovation, CITI 2025 - Guayaquil, Ecuador Duración: 8 dic. 2025 → 11 dic. 2025

Serie de la publicación

Nombre	Communications in Computer and Information Science
Volumen	2776 CCIS
ISSN (versión impresa)	1865-0929
ISSN (versión digital)	1865-0937

Conferencia

Conferencia	11th International Conference on Technologies and Innovation, CITI 2025
País/Territorio	Ecuador
Ciudad	Guayaquil
Período	8/12/25 → 11/12/25

Nota bibliográfica

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

Acceder al documento

10.1007/978-3-032-11494-5_15

Otros archivos y enlaces

Enlace a la publicación en Scopus

Citar esto

De La Cadena, L., Loachamin, J., Gamboa, D., Guerrero, G., Quishpe, S., & Nacimba, E. (2026). Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study. En R. Valencia-Garcia, P. Alvarez-Muñoz, J. Tarquino Calderon, V. Vergara-Lozano, L. Ortega-Ponce, A. L. Pico-Aguilar, & B. M. Vásconez-García (Eds.), Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings (pp. 225-239). (Communications in Computer and Information Science; Vol. 2776 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-11494-5_15

De La Cadena, Leonardo ; Loachamin, Johnny ; Gamboa, Diego et al. / Man-in-the-Middle Attacks on IoT Devices : Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study. Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings. editor / Rafael Valencia-Garcia ; Patricio Alvarez-Muñoz ; Juan Tarquino Calderon ; Vanessa Vergara-Lozano ; Laura Ortega-Ponce ; Ana Lucía Pico-Aguilar ; Benjamín Marcelo Vásconez-García. Springer Science and Business Media Deutschland GmbH, 2026. pp. 225-239 (Communications in Computer and Information Science).

@inproceedings{440926ead6a74af1aa5e80fd762ff341,

title = "Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study",

abstract = "In today{\textquoteright}s world, all household devices are connected to the Internet. Although this offers numerous benefits, it also introduces new risks that must be addressed and mitigated. Although the vulnerability of MQTT to MitM attacks and the effectiveness of TLS as a mitigation are well-established principles, there is a gap in practical, reproducible demonstrations that highlight the ease of exploitation and the absolute effectiveness of mitigation in a controlled IoT context. For this reason, an experiment was conducted within a virtual environment, executing a Man-in-the-Middle (MitM) attack using spoofing techniques to capture MQTT packets and alter the messages transmitted across an IoT device network. Using the Polymorph tool in Kali Linux, it was possible to modify the messages exchanged between two virtual machines communicating via a Mosquitto server. Due to the absence of security measures in Mosquitto{\textquoteright}s message transmission, a security mechanism was implemented to mitigate the described attack. Therefore, TLS and SSL message encryption techniques were tested. When attempting the attack again after implementing TLS for message transmission, it was observed that no MQTT packet network traffic was generated, effectively disabling the MitM attack. This shows that executing a MitM attack on IoT devices can compromise environments using such technologies, potentially enabling cyberphysical attacks and endangering human lives. Hence, it is crucial to promote the proper implementation of message encryption techniques, such as TLS, within IoT communication networks.",

keywords = "Broker Server, IoT devices, Man-in-the-Middle, Message Alteration, Mosquitto, MQTT, TLS Security",

author = "\{De La Cadena\}, Leonardo and Johnny Loachamin and Diego Gamboa and Graciela Guerrero and Santiago Quishpe and Esteven Nacimba",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.; 11th International Conference on Technologies and Innovation, CITI 2025 ; Conference date: 08-12-2025 Through 11-12-2025",

year = "2026",

doi = "10.1007/978-3-032-11494-5\_15",

language = "English",

isbn = "9783032114938",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "225--239",

editor = "Rafael Valencia-Garcia and Patricio Alvarez-Mu{\~n}oz and \{Tarquino Calderon\}, Juan and Vanessa Vergara-Lozano and Laura Ortega-Ponce and Pico-Aguilar, \{Ana Luc{\'i}a\} and V{\'a}sconez-Garc{\'i}a, \{Benjam{\'i}n Marcelo\}",

booktitle = "Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings",

}

De La Cadena, L, Loachamin, J, Gamboa, D, Guerrero, G, Quishpe, S & Nacimba, E 2026, Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study. En R Valencia-Garcia, P Alvarez-Muñoz, J Tarquino Calderon, V Vergara-Lozano, L Ortega-Ponce, AL Pico-Aguilar & BM Vásconez-García (eds.), Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings. Communications in Computer and Information Science, vol. 2776 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 225-239, 11th International Conference on Technologies and Innovation, CITI 2025, Guayaquil, Ecuador, 8/12/25. https://doi.org/10.1007/978-3-032-11494-5_15

Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study. / De La Cadena, Leonardo; Loachamin, Johnny; Gamboa, Diego et al.
Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings. ed. / Rafael Valencia-Garcia; Patricio Alvarez-Muñoz; Juan Tarquino Calderon; Vanessa Vergara-Lozano; Laura Ortega-Ponce; Ana Lucía Pico-Aguilar; Benjamín Marcelo Vásconez-García. Springer Science and Business Media Deutschland GmbH, 2026. p. 225-239 (Communications in Computer and Information Science; Vol. 2776 CCIS).

Producción científica: Capítulo del libro/informe/acta de congreso › Contribución de conferencia › revisión exhaustiva

TY - GEN

T1 - Man-in-the-Middle Attacks on IoT Devices

T2 - 11th International Conference on Technologies and Innovation, CITI 2025

AU - De La Cadena, Leonardo

AU - Loachamin, Johnny

AU - Gamboa, Diego

AU - Guerrero, Graciela

AU - Quishpe, Santiago

AU - Nacimba, Esteven

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

PY - 2026

Y1 - 2026

N2 - In today’s world, all household devices are connected to the Internet. Although this offers numerous benefits, it also introduces new risks that must be addressed and mitigated. Although the vulnerability of MQTT to MitM attacks and the effectiveness of TLS as a mitigation are well-established principles, there is a gap in practical, reproducible demonstrations that highlight the ease of exploitation and the absolute effectiveness of mitigation in a controlled IoT context. For this reason, an experiment was conducted within a virtual environment, executing a Man-in-the-Middle (MitM) attack using spoofing techniques to capture MQTT packets and alter the messages transmitted across an IoT device network. Using the Polymorph tool in Kali Linux, it was possible to modify the messages exchanged between two virtual machines communicating via a Mosquitto server. Due to the absence of security measures in Mosquitto’s message transmission, a security mechanism was implemented to mitigate the described attack. Therefore, TLS and SSL message encryption techniques were tested. When attempting the attack again after implementing TLS for message transmission, it was observed that no MQTT packet network traffic was generated, effectively disabling the MitM attack. This shows that executing a MitM attack on IoT devices can compromise environments using such technologies, potentially enabling cyberphysical attacks and endangering human lives. Hence, it is crucial to promote the proper implementation of message encryption techniques, such as TLS, within IoT communication networks.

AB - In today’s world, all household devices are connected to the Internet. Although this offers numerous benefits, it also introduces new risks that must be addressed and mitigated. Although the vulnerability of MQTT to MitM attacks and the effectiveness of TLS as a mitigation are well-established principles, there is a gap in practical, reproducible demonstrations that highlight the ease of exploitation and the absolute effectiveness of mitigation in a controlled IoT context. For this reason, an experiment was conducted within a virtual environment, executing a Man-in-the-Middle (MitM) attack using spoofing techniques to capture MQTT packets and alter the messages transmitted across an IoT device network. Using the Polymorph tool in Kali Linux, it was possible to modify the messages exchanged between two virtual machines communicating via a Mosquitto server. Due to the absence of security measures in Mosquitto’s message transmission, a security mechanism was implemented to mitigate the described attack. Therefore, TLS and SSL message encryption techniques were tested. When attempting the attack again after implementing TLS for message transmission, it was observed that no MQTT packet network traffic was generated, effectively disabling the MitM attack. This shows that executing a MitM attack on IoT devices can compromise environments using such technologies, potentially enabling cyberphysical attacks and endangering human lives. Hence, it is crucial to promote the proper implementation of message encryption techniques, such as TLS, within IoT communication networks.

KW - Broker Server

KW - IoT devices

KW - Man-in-the-Middle

KW - Message Alteration

KW - Mosquitto

KW - MQTT

KW - TLS Security

UR - https://www.scopus.com/pages/publications/105023303404

U2 - 10.1007/978-3-032-11494-5_15

DO - 10.1007/978-3-032-11494-5_15

M3 - Conference contribution

AN - SCOPUS:105023303404

SN - 9783032114938

T3 - Communications in Computer and Information Science

SP - 225

EP - 239

BT - Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings

A2 - Valencia-Garcia, Rafael

A2 - Alvarez-Muñoz, Patricio

A2 - Tarquino Calderon, Juan

A2 - Vergara-Lozano, Vanessa

A2 - Ortega-Ponce, Laura

A2 - Pico-Aguilar, Ana Lucía

A2 - Vásconez-García, Benjamín Marcelo

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 8 December 2025 through 11 December 2025

ER -

De La Cadena L, Loachamin J, Gamboa D, Guerrero G, Quishpe S, Nacimba E. Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study. En Valencia-Garcia R, Alvarez-Muñoz P, Tarquino Calderon J, Vergara-Lozano V, Ortega-Ponce L, Pico-Aguilar AL, Vásconez-García BM, editores, Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings. Springer Science and Business Media Deutschland GmbH. 2026. p. 225-239. (Communications in Computer and Information Science). doi: 10.1007/978-3-032-11494-5_15