You would kind of hope that any device that relies on MQTT would implement a watchdog to restart it if it terminates unexpectedly.
Oh, wait, we're talking IoT...
Synopsys Cybersecurity Research Centre (CyRC) has warned of easily triggered denial-of-service (DoS) vulnerabilities in three popular open-source Internet of Things message brokers: RabbitMQ, EMQ X, and VerneMQ. The message brokers, responsible for handling data sent to or from IoT devices like smart home hubs and door locks, …
Ah, but these are the brokers we're talking about. The devices themselves may be knocked out by a wage-slave in a Shenzhen factory and vulnerable to everything, but the brokers are run on proper computers and written by people that care. They should be no worse than any other daemon, e.g. apache, ftpd.
Running Mosquitto here, with no regrets about that after this article.
A DoS is easily fixed by spinning up more capacity etc.
It only needs to be a temporary inconvenience, not a permanent one.
Also, if you've got a uPVC door you might want to be a little careful putting acetone anywhere near it (though nail varnish remover is sufficiently dilute it shouldn't be an issue)
Depends on the type of DoS-attack. For a DDoS-attack you may be able to add capacity, although that's not a given.
However, DoS can be accomplished even with a single request or action in some instances. Generally, no amount of capacity will help in such cases. Although I have seen a web form that required one server per user - two people using the web form at the same time on the same server caused a DoS-situation. I suppose that in that case you could just add servers...
With most locks on uPVC doors, if you insert the key in one side then it stops a key being fully inserted from the other. Was told this morning of a relative having done that before suffering a medical issue and it required the Fire Service as it was a 3rd floor flat but had an open window.
So DOS beaten by backdooring (ish)
Biting the hand that feeds IT © 1998–2021