Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study

Leonardo De La Cadena; Johnny Loachamin; Diego Gamboa; Graciela Guerrero; Santiago Quishpe; Esteven Nacimba

doi:10.1007/978-3-032-11494-5_15

Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study

Leonardo De La Cadena
, Johnny Loachamin
, Diego Gamboa
, Graciela Guerrero
, Santiago Quishpe
, Esteven Nacimba

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In today’s world, all household devices are connected to the Internet. Although this offers numerous benefits, it also introduces new risks that must be addressed and mitigated. Although the vulnerability of MQTT to MitM attacks and the effectiveness of TLS as a mitigation are well-established principles, there is a gap in practical, reproducible demonstrations that highlight the ease of exploitation and the absolute effectiveness of mitigation in a controlled IoT context. For this reason, an experiment was conducted within a virtual environment, executing a Man-in-the-Middle (MitM) attack using spoofing techniques to capture MQTT packets and alter the messages transmitted across an IoT device network. Using the Polymorph tool in Kali Linux, it was possible to modify the messages exchanged between two virtual machines communicating via a Mosquitto server. Due to the absence of security measures in Mosquitto’s message transmission, a security mechanism was implemented to mitigate the described attack. Therefore, TLS and SSL message encryption techniques were tested. When attempting the attack again after implementing TLS for message transmission, it was observed that no MQTT packet network traffic was generated, effectively disabling the MitM attack. This shows that executing a MitM attack on IoT devices can compromise environments using such technologies, potentially enabling cyberphysical attacks and endangering human lives. Hence, it is crucial to promote the proper implementation of message encryption techniques, such as TLS, within IoT communication networks.

Original language	English
Title of host publication	Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings
Editors	Rafael Valencia-Garcia, Patricio Alvarez-Muñoz, Juan Tarquino Calderon, Vanessa Vergara-Lozano, Laura Ortega-Ponce, Ana Lucía Pico-Aguilar, Benjamín Marcelo Vásconez-García
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	225-239
Number of pages	15
ISBN (Print)	9783032114938
DOIs	https://doi.org/10.1007/978-3-032-11494-5_15
State	Published - 2026
Externally published	Yes
Event	11th International Conference on Technologies and Innovation, CITI 2025 - Guayaquil, Ecuador Duration: Dec 8 2025 → Dec 11 2025

Publication series

Name	Communications in Computer and Information Science
Volume	2776 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	11th International Conference on Technologies and Innovation, CITI 2025
Country/Territory	Ecuador
City	Guayaquil
Period	12/8/25 → 12/11/25

Keywords

Broker Server
IoT devices
MQTT
Man-in-the-Middle
Message Alteration
Mosquitto
TLS Security

Access to Document

10.1007/978-3-032-11494-5_15

Cite this

De La Cadena, L., Loachamin, J., Gamboa, D., Guerrero, G., Quishpe, S., & Nacimba, E. (2026). Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study. In R. Valencia-Garcia, P. Alvarez-Muñoz, J. Tarquino Calderon, V. Vergara-Lozano, L. Ortega-Ponce, A. L. Pico-Aguilar, & B. M. Vásconez-García (Eds.), Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings (pp. 225-239). (Communications in Computer and Information Science; Vol. 2776 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-032-11494-5_15

De La Cadena, Leonardo ; Loachamin, Johnny ; Gamboa, Diego et al. / Man-in-the-Middle Attacks on IoT Devices : Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study. Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings. editor / Rafael Valencia-Garcia ; Patricio Alvarez-Muñoz ; Juan Tarquino Calderon ; Vanessa Vergara-Lozano ; Laura Ortega-Ponce ; Ana Lucía Pico-Aguilar ; Benjamín Marcelo Vásconez-García. Springer Science and Business Media Deutschland GmbH, 2026. pp. 225-239 (Communications in Computer and Information Science).

@inproceedings{1d9e8d9dbea144c48e036f9327584496,

title = "Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study",

abstract = "In today{\textquoteright}s world, all household devices are connected to the Internet. Although this offers numerous benefits, it also introduces new risks that must be addressed and mitigated. Although the vulnerability of MQTT to MitM attacks and the effectiveness of TLS as a mitigation are well-established principles, there is a gap in practical, reproducible demonstrations that highlight the ease of exploitation and the absolute effectiveness of mitigation in a controlled IoT context. For this reason, an experiment was conducted within a virtual environment, executing a Man-in-the-Middle (MitM) attack using spoofing techniques to capture MQTT packets and alter the messages transmitted across an IoT device network. Using the Polymorph tool in Kali Linux, it was possible to modify the messages exchanged between two virtual machines communicating via a Mosquitto server. Due to the absence of security measures in Mosquitto{\textquoteright}s message transmission, a security mechanism was implemented to mitigate the described attack. Therefore, TLS and SSL message encryption techniques were tested. When attempting the attack again after implementing TLS for message transmission, it was observed that no MQTT packet network traffic was generated, effectively disabling the MitM attack. This shows that executing a MitM attack on IoT devices can compromise environments using such technologies, potentially enabling cyberphysical attacks and endangering human lives. Hence, it is crucial to promote the proper implementation of message encryption techniques, such as TLS, within IoT communication networks.",

keywords = "Broker Server, IoT devices, MQTT, Man-in-the-Middle, Message Alteration, Mosquitto, TLS Security",

author = "\{De La Cadena\}, Leonardo and Johnny Loachamin and Diego Gamboa and Graciela Guerrero and Santiago Quishpe and Esteven Nacimba",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.; 11th International Conference on Technologies and Innovation, CITI 2025 ; Conference date: 08-12-2025 Through 11-12-2025",

year = "2026",

doi = "10.1007/978-3-032-11494-5\_15",

language = "Ingl{\'e}s",

isbn = "9783032114938",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "225--239",

editor = "Rafael Valencia-Garcia and Patricio Alvarez-Mu{\~n}oz and \{Tarquino Calderon\}, Juan and Vanessa Vergara-Lozano and Laura Ortega-Ponce and Pico-Aguilar, \{Ana Luc{\'i}a\} and V{\'a}sconez-Garc{\'i}a, \{Benjam{\'i}n Marcelo\}",

booktitle = "Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings",

address = "Alemania",

}

De La Cadena, L, Loachamin, J, Gamboa, D, Guerrero, G, Quishpe, S & Nacimba, E 2026, Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study. in R Valencia-Garcia, P Alvarez-Muñoz, J Tarquino Calderon, V Vergara-Lozano, L Ortega-Ponce, AL Pico-Aguilar & BM Vásconez-García (eds), Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings. Communications in Computer and Information Science, vol. 2776 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 225-239, 11th International Conference on Technologies and Innovation, CITI 2025, Guayaquil, Ecuador, 12/8/25. https://doi.org/10.1007/978-3-032-11494-5_15

Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study. / De La Cadena, Leonardo; Loachamin, Johnny; Gamboa, Diego et al.
Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings. ed. / Rafael Valencia-Garcia; Patricio Alvarez-Muñoz; Juan Tarquino Calderon; Vanessa Vergara-Lozano; Laura Ortega-Ponce; Ana Lucía Pico-Aguilar; Benjamín Marcelo Vásconez-García. Springer Science and Business Media Deutschland GmbH, 2026. p. 225-239 (Communications in Computer and Information Science; Vol. 2776 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Man-in-the-Middle Attacks on IoT Devices

T2 - 11th International Conference on Technologies and Innovation, CITI 2025

AU - De La Cadena, Leonardo

AU - Loachamin, Johnny

AU - Gamboa, Diego

AU - Guerrero, Graciela

AU - Quishpe, Santiago

AU - Nacimba, Esteven

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2026.

PY - 2026

Y1 - 2026

N2 - In today’s world, all household devices are connected to the Internet. Although this offers numerous benefits, it also introduces new risks that must be addressed and mitigated. Although the vulnerability of MQTT to MitM attacks and the effectiveness of TLS as a mitigation are well-established principles, there is a gap in practical, reproducible demonstrations that highlight the ease of exploitation and the absolute effectiveness of mitigation in a controlled IoT context. For this reason, an experiment was conducted within a virtual environment, executing a Man-in-the-Middle (MitM) attack using spoofing techniques to capture MQTT packets and alter the messages transmitted across an IoT device network. Using the Polymorph tool in Kali Linux, it was possible to modify the messages exchanged between two virtual machines communicating via a Mosquitto server. Due to the absence of security measures in Mosquitto’s message transmission, a security mechanism was implemented to mitigate the described attack. Therefore, TLS and SSL message encryption techniques were tested. When attempting the attack again after implementing TLS for message transmission, it was observed that no MQTT packet network traffic was generated, effectively disabling the MitM attack. This shows that executing a MitM attack on IoT devices can compromise environments using such technologies, potentially enabling cyberphysical attacks and endangering human lives. Hence, it is crucial to promote the proper implementation of message encryption techniques, such as TLS, within IoT communication networks.

AB - In today’s world, all household devices are connected to the Internet. Although this offers numerous benefits, it also introduces new risks that must be addressed and mitigated. Although the vulnerability of MQTT to MitM attacks and the effectiveness of TLS as a mitigation are well-established principles, there is a gap in practical, reproducible demonstrations that highlight the ease of exploitation and the absolute effectiveness of mitigation in a controlled IoT context. For this reason, an experiment was conducted within a virtual environment, executing a Man-in-the-Middle (MitM) attack using spoofing techniques to capture MQTT packets and alter the messages transmitted across an IoT device network. Using the Polymorph tool in Kali Linux, it was possible to modify the messages exchanged between two virtual machines communicating via a Mosquitto server. Due to the absence of security measures in Mosquitto’s message transmission, a security mechanism was implemented to mitigate the described attack. Therefore, TLS and SSL message encryption techniques were tested. When attempting the attack again after implementing TLS for message transmission, it was observed that no MQTT packet network traffic was generated, effectively disabling the MitM attack. This shows that executing a MitM attack on IoT devices can compromise environments using such technologies, potentially enabling cyberphysical attacks and endangering human lives. Hence, it is crucial to promote the proper implementation of message encryption techniques, such as TLS, within IoT communication networks.

KW - Broker Server

KW - IoT devices

KW - MQTT

KW - Man-in-the-Middle

KW - Message Alteration

KW - Mosquitto

KW - TLS Security

UR - https://www.scopus.com/pages/publications/105023303404

U2 - 10.1007/978-3-032-11494-5_15

DO - 10.1007/978-3-032-11494-5_15

M3 - Contribución a la conferencia

AN - SCOPUS:105023303404

SN - 9783032114938

T3 - Communications in Computer and Information Science

SP - 225

EP - 239

BT - Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings

A2 - Valencia-Garcia, Rafael

A2 - Alvarez-Muñoz, Patricio

A2 - Tarquino Calderon, Juan

A2 - Vergara-Lozano, Vanessa

A2 - Ortega-Ponce, Laura

A2 - Pico-Aguilar, Ana Lucía

A2 - Vásconez-García, Benjamín Marcelo

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 8 December 2025 through 11 December 2025

ER -

De La Cadena L, Loachamin J, Gamboa D, Guerrero G, Quishpe S, Nacimba E. Man-in-the-Middle Attacks on IoT Devices: Message Manipulation and Vulnerabilities in the MQTT Protocol An Experimental Case Study. In Valencia-Garcia R, Alvarez-Muñoz P, Tarquino Calderon J, Vergara-Lozano V, Ortega-Ponce L, Pico-Aguilar AL, Vásconez-García BM, editors, Technologies and Innovation - 11th International Conference, CITI 2025, Proceedings. Springer Science and Business Media Deutschland GmbH. 2026. p. 225-239. (Communications in Computer and Information Science). doi: 10.1007/978-3-032-11494-5_15