Haoqiang Wang (Chinese Academy of Sciences, University of Chinese Academy of Sciences, Indiana University Bloomington), Yichen Liu (Indiana University Bloomington), Yiwei Fang, Ze Jin, Qixu Liu (Chinese Academy of Sciences, University of Chinese Academy of Sciences, Indiana University Bloomington), Luyi Xing (Indiana University Bloomington)
The Matter protocol is a new communication standard for smart home devices, aiming to enhance interoperability and compatibility among different vendors. However, vendors may encounter unanticipated security issues during development and deployment phases centered around the Matter protocol. In this paper, we focus on examining vulnerabilities within Apple Home framework when implementing the Matter protocol, identifying several attack scenarios that can exploit these vulnerabilities to perform unauthorized actions and conceal their identities. We also compare the design of Apple Home with Google Home, highlighting the differences and implications for security. We reported these vulnerabilities to related vendors, which have been acknowledged by Connectivity Standards Alliance (CSA). Our work reveals the challenges and risks associated with adopting the Matter protocol, and provides suggestions for improving its security design and implementation.