With the enhancement of mobile network access capabilities, the application of the Internet of Things has become increasingly widespread, and related research on the Internet of Things has received extensive attention from the academic and industrial fields. The security and efficiency of M2M in IoT are the core basic issues. Devices and systems in IoT are very complex, and the research on the communication protocols of each network layer is the cornerstone of the Internet of Things. And the MQTT is a widely used in data exchange as the application layer protocol of Internet of Things. The security problem of MQTT is of great significance. The paper discusses the hot topics of MQTT about security. This article focuses on the root causes of MQTT security, the main threats faced in MQTT, and corresponding offensive and defense strategies, including machine learning based MQTT security, replay attacks, man-in- the-middle attacks, anomaly detection, MQTT network mutual trust mechanism supported by blockchain, DoS attacks, encrypted transmission. Finally, the paper puts forward the key issues of MQTT security that should be touched in the future.