Hello, we are non-profit security researchers from RWTH Aachen University and Fraunhofer FKIE in Germany. We are reaching out to you as we believe that one of your systems is unintentionally exposed to the Internet, i.e., it can be accessed by anyone without requiring authorization. The details of this system are: IP: 94.199.96.99 (on 07/06/2021 (our measurement date)) Please see below for a list of topics associated with your email address. More details: We perform research on the security of Internet-connected systems and scan the Internet for servers using MQTT. This is how we detected your service, which seems to not be configured correctly / securely. However, when configured correctly, MQTT also allows for access control and authentication. The configuration depends on the broker software you are using. For the predominantly used mosquitto broker, you can find a description of the security options here: https://mosquitto.org/man/mosquitto-conf-5.html We would appreciate any feedback from your side, e.g., by answering to this email indicating that your system indeed should not be accessible for everybody on the Internet and your steps taken to secure your system. Yours sincerely, Dr. Martin Henze Markus Dahlmanns --- List of topics referencing your email address: - elevel2/machine/67:5e/printk
Attachment:
smime.p7s
Description: S/MIME cryptographic signature