Song Liao, Jingwen Yan, Long Cheng (Clemson University)

The rapid evolution of Internet of Things (IoT) technologies allows users to interact with devices in a smart home environment. In an effort to strengthen the connectivity of smart devices across diverse vendors, multiple leading device manufacturers developed the Matter standard, enabling users to control devices from different sources seamlessly. However, the interoperability introduced by Matter poses new challenges to user privacy and safety. In this paper, we propose the Hidden Eavesdropping Attack in Matter-enabled smart home systems by exploiting the vulnerabilities in the Matter device pairing process and delegation phase. Our investigation of the Matter device pairing process reveals the possibility of unauthorized delegation. Furthermore, such delegation can grant unauthorized Matter hubs (i.e., hidden hubs) the capability to eavesdrop on other IoT devices without the awareness of device owners. Meanwhile, the implementation flaws from companies in device management complicate the task of device owners in identifying such hidden hubs. The disclosed sensitive data about devices, such as the status of door locks, can be leveraged by malicious attackers to deduce users’ activities, potentially leading to security breaches and safety issues.

View More Papers

CBAT: A Comparative Binary Analysis Tool

Chloe Fortuna (STR), JT Paasch (STR), Sam Lasser (Draper), Philip Zucker (Draper), Chris Casinghino (Jane Street), Cody Roux (AWS)

Read More

Vision: An Exploration of Online Toxic Content Against Refugees

Arjun Arunasalam (Purdue University), Habiba Farrukh (University of California, Irvine), Eliz Tekcan (Purdue University), Z. Berkay Celik (Purdue University)

Read More

dRR: A Decentralized, Scalable, and Auditable Architecture for RPKI...

Yingying Su (Tsinghua university), Dan Li (Tsinghua university), Li Chen (Zhongguancun Laboratory), Qi Li (Tsinghua university), Sitong Ling (Tsinghua University)

Read More

PANDORA: Jailbreak GPTs by Retrieval Augmented Generation Poisoning

Gelei Deng, Yi Liu (Nanyang Technological University), Yuekang Li (The University of New South Wales), Wang Kailong(Huazhong University of Science and Technology), Tianwei Zhang, Yang Liu (Nanyang Technological University)

Read More