Song Liao, Jingwen Yan, Long Cheng (Clemson University)

The rapid evolution of Internet of Things (IoT) technologies allows users to interact with devices in a smart home environment. In an effort to strengthen the connectivity of smart devices across diverse vendors, multiple leading device manufacturers developed the Matter standard, enabling users to control devices from different sources seamlessly. However, the interoperability introduced by Matter poses new challenges to user privacy and safety. In this paper, we propose the Hidden Eavesdropping Attack in Matter-enabled smart home systems by exploiting the vulnerabilities in the Matter device pairing process and delegation phase. Our investigation of the Matter device pairing process reveals the possibility of unauthorized delegation. Furthermore, such delegation can grant unauthorized Matter hubs (i.e., hidden hubs) the capability to eavesdrop on other IoT devices without the awareness of device owners. Meanwhile, the implementation flaws from companies in device management complicate the task of device owners in identifying such hidden hubs. The disclosed sensitive data about devices, such as the status of door locks, can be leveraged by malicious attackers to deduce users’ activities, potentially leading to security breaches and safety issues.

View More Papers

AVMON: Securing Autonomous Vehicles by Learning Control Invariants and...

Ahmed Abdo, Sakib Md Bin Malek, Xuanpeng Zhao, Nael Abu-Ghazaleh (University of California, Riverside)

Read More

Unus pro omnibus: Multi-Client Searchable Encryption via Access Control

Jiafan Wang (Data61, CSIRO), Sherman S. M. Chow (The Chinese University of Hong Kong)

Read More

Inaudible Adversarial Perturbation: Manipulating the Recognition of User Speech...

Xinfeng Li (Zhejiang University), Chen Yan (Zhejiang University), Xuancun Lu (Zhejiang University), Zihan Zeng (Zhejiang University), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejiang University)

Read More