Song Liao, Jingwen Yan, Long Cheng (Clemson University)

The rapid evolution of Internet of Things (IoT) technologies allows users to interact with devices in a smart home environment. In an effort to strengthen the connectivity of smart devices across diverse vendors, multiple leading device manufacturers developed the Matter standard, enabling users to control devices from different sources seamlessly. However, the interoperability introduced by Matter poses new challenges to user privacy and safety. In this paper, we propose the Hidden Eavesdropping Attack in Matter-enabled smart home systems by exploiting the vulnerabilities in the Matter device pairing process and delegation phase. Our investigation of the Matter device pairing process reveals the possibility of unauthorized delegation. Furthermore, such delegation can grant unauthorized Matter hubs (i.e., hidden hubs) the capability to eavesdrop on other IoT devices without the awareness of device owners. Meanwhile, the implementation flaws from companies in device management complicate the task of device owners in identifying such hidden hubs. The disclosed sensitive data about devices, such as the status of door locks, can be leveraged by malicious attackers to deduce users’ activities, potentially leading to security breaches and safety issues.

View More Papers

Experimental Analyses of the Physical Surveillance Risks in Client-Side...

Ashish Hooda (University of Wisconsin-Madison), Andrey Labunets (UC San Diego), Tadayoshi Kohno (University of Washington), Earlence Fernandes (UC San Diego)

Read More

Programmer's Perception of Sensitive Information in Code

Xinyao Ma, Ambarish Aniruddha Gurjar, Anesu Christopher Chaora, Tatiana R Ringenberg, L. Jean Camp (Luddy School of Informatics, Computing, and Engineering, Indiana University Bloomington)

Read More

Sneaky Spikes: Uncovering Stealthy Backdoor Attacks in Spiking Neural...

Gorka Abad (Radboud University & Ikerlan Technology Research Centre), Oguzhan Ersoy (Radboud University), Stjepan Picek (Radboud University & Delft University of Technology), Aitor Urbieta (Ikerlan Technology Research Centre, Basque Research and Technology Alliance (BRTA))

Read More

SLMIA-SR: Speaker-Level Membership Inference Attacks against Speaker Recognition Systems

Guangke Chen (ShanghaiTech University), Yedi Zhang (National University of Singapore), Fu Song (Institute of Software, Chinese Academy of Sciences; University of Chinese Academy of Sciences)

Read More