It feels good when we can show-off our new Internet enabled home gadgets . Just be aware that sometimes, a misconfigured DIY smart-home hubs for home automation could allow attackers to track owners’ movements, see if smart doors and windows are opened or closed, and even open garage doors.

The servers in question are 49,000 Message Queuing Telemetry Transport (MQTT) servers, which are publicly visible due to misconfigured MQTT protocol, according to research released Thursday from Avast. This includes more than 32,000 servers with no password protection.

“The MQTT protocol is used to interconnect and control smart-home devices, via smart-home hubs,”

While the MQTT protocol itself is secure, a lack of security awareness combined with poor built-in protections can create a number of threat vectors, even when a server is partially protected.

“It is frighteningly easy to gain access and control of a person’s smart home, because there are still many poorly secured protocols dating back to bygone technology eras when security was not a top concern,” Hron said. “Consumers need to be aware of the security concerns of connecting devices that control intimate parts of their home to services they don’t fully understand and the importance of properly configuring their devices.”

https://threatpost.com/open-mqtt-servers-raise-physical-threats-in-smart-homes/136586/