Spragusa/insecure-mqtt-iot-pipeline

insecure-mqtt-iot-pipeline

An intentionally insecure MQTT IoT pipeline built to demonstrate why unencrypted and unauthenticated MQTT is dangerous.

This project simulates a water monitoring system and shows how easy it is to eavesdrop on live sensor data using standard MQTT tools.


Pipeline Overview

Sensor Publisher → Mosquitto Broker → Dashboard Subscriber

Key lesson:
MQTT over port 1883 is basically a postcard.
Anyone who can reach the broker can read (and potentially inject) traffic.


What This Project Does

  • Simulates a water sensor (pressure + flow)
  • Publishes JSON readings every 2 seconds via MQTT
  • Displays readings in a dashboard-style subscriber
  • Demonstrates wildcard subscription (#) data exposure
  • Shows real-world IoT security risks in action

Tech Stack

  • Python 3
  • Mosquitto (MQTT broker)
  • paho-mqtt

Repository Structure

sensor/

  • sensor_publisher.py # Publishes readings every 2 seconds
  • water_sensor.py # Generates pressure/flow/timestamps

dashboard/

  • dashboard_subscriber.py # Formats and displays readings

docs/ # Vulnerability assessment & notes

screenshots/ # Proof of interception and testing


How to Run (Insecure on Purpose)

Terminal 1 — Start broker

mosquitto -v

Terminal 2 — Start dashboard

python dashboard/dashboard_subscriber.py

Terminal 3 - Start sensor publisher

python sensor/sensor_publisher.py

Terminal 4 - Eavesdrop (the attack)

mosquitto_sub -t "#" -v
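
Detection from the broker side, as an added example that is not part of this repository: because Terminal 1 runs the broker with -v, its log records every SUBSCRIBE, so the Terminal 4 wildcard subscription can be spotted there. The log lines are a constructed sample in the shape `mosquitto -v` prints; the client IDs, addresses, the topic `water/plant1/readings` and the function names are assumptions.

```python
import re

# Constructed sample in the shape `mosquitto -v` prints; client IDs, addresses
# and the topic water/plant1/readings are made up for this example.
SAMPLE_LOG = """\
1700000000: New client connected from 127.0.0.1:50112 as dashboard-1 (p2, c1, k60).
1700000000: Received SUBSCRIBE from dashboard-1
1700000000: \twater/plant1/readings (QoS 0)
1700000000: Sending SUBACK to dashboard-1
1700000004: New client connected from 192.0.2.44:40210 as auto-5F1C (p2, c1, k60).
1700000004: Received SUBSCRIBE from auto-5F1C
1700000004: \t# (QoS 0)
1700000004: Sending SUBACK to auto-5F1C
1700000009: New client connected from 192.0.2.45:40390 as probe-7 (p2, c1, k60).
1700000009: Received SUBSCRIBE from probe-7
1700000009: \t+/# (QoS 1)
1700000009: \twater/plant1/readings (QoS 0)
"""

CONNECT = re.compile(r"^\d+: New client connected from (\S+) as (\S+) \(")
SUBSCRIBE = re.compile(r"^\d+: Received SUBSCRIBE from (\S+)$")
FILTER = re.compile(r"^\d+: \t(.+) \(QoS [0-2]\)$")  # tab-indented filter line

def is_catch_all(topic_filter):
    """True for '#', '+/#', '+/+/#': a multi-level wildcard with no literal level."""
    levels = topic_filter.split("/")
    return levels[-1] == "#" and all(level == "+" for level in levels[:-1])

def find_wildcard_subscribers(log_text, allowed_clients=()):
    """Return (client_id, source_address, topic_filter) for each catch-all
    subscription made by a client that is not on the allow-list."""
    sources, current, findings = {}, None, []
    for line in log_text.splitlines():
        if m := CONNECT.match(line):
            sources[m.group(2)] = m.group(1)   # remember where each client came from
        elif m := SUBSCRIBE.match(line):
            current = m.group(1)               # filter lines that follow belong to it
        elif "Sending SUBACK to" in line:
            current = None                     # the SUBSCRIBE has been answered
        elif (m := FILTER.match(line)) and current is not None:
            if is_catch_all(m.group(1)) and current not in allowed_clients:
                findings.append((current, sources.get(current, "unknown"), m.group(1)))
    return findings

if __name__ == "__main__":
    for client, source, topic_filter in find_wildcard_subscribers(SAMPLE_LOG):
        print(f"catch-all subscription {topic_filter!r} by {client} from {source}")
```

Pass the client IDs of any tooling that legitimately subscribes to everything as `allowed_clients` so that only unexpected listeners are reported.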
