New Video from @BlackHatOfficialYT: Security Researcher Discusses Vulnerabilities in Matter Protocol
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
In this video, Jang Gabella, a senior security researcher at Bit Defender, presents an in-depth discussion on the Matter standard, a unified solution for communication and security of devices in the smart home. Matter is a recently developed application protocol aimed at solving interoperability issues between different IoT devices. Gabella shares his findings on security vulnerabilities within this protocol, highlighting the importance of research in this emerging field. Gabella begins by explaining why the modern smart home is no longer limited to light bulbs and switches but includes critical devices like electric vehicle charging stations, smart batteries, and heat pumps.
These devices transform the smart home into a connected system that can impact other devices linked to the local or regional electrical grid. He also emphasizes that the traditional architecture of IoT, with its multiple protocols, is changing thanks to Matter, which enables interoperability between different devices. Technically, Matter is an application layer protocol that operates on IPv6 and uses well-established protocols like Bluetooth for initialization and Wi-Fi and Thread for data exchange.
Gabella explains that Matter uses IP protocols, allowing for the testing of various types of IP attacks against these new devices. He highlights the complexity of Matter, which includes numerous messages and uses modern cryptography, posing challenges for low-power devices. Gabella then presents two major vulnerabilities he discovered in the Matter SDK. The first is a "delay denial of service" attack that can disable all Matter devices running under a certain version of the standard. This attack exploits the complexity of the operations required to generate response messages, exhausting the devices' ability to handle new sessions.
The second vulnerability is a "feature scanning" attack that allows mapping the types of devices and their functionalities within a Matter ecosystem. To demonstrate these vulnerabilities, Gabella describes his experiments with Google and Apple controllers, as well as devices he created himself. He explains how he was able to query the devices and discover their clusters and attributes by interpreting the returned error messages. He also emphasizes the importance of monitoring and detecting attacks, proposing integrated monitoring solutions in smartphones and home ecosystems.
Gabella concludes by calling for action in both offensive and defensive research, emphasizing the importance of reporting and participating in ethical vulnerability management processes. He insists on the need for clear descriptions of security protocols to facilitate analysis and encourages the publication of more research on the Matter protocol. In summary, this video provides a comprehensive overview of the vulnerabilities and security challenges associated with the Matter standard, while proposing practical solutions to mitigate them. It is a valuable resource for anyone interested in cybersecurity and hacking in the context of the smart home.