Matter is the new future-proof vendor-agnostic connectivity standard designed for IoT and smart building environments, already adopted by many different setups including alarm sensors, security cameras, or door locks. The standard, maintained by the Connectivity Standards Alliance (CSA) and supported by industry-leading companies, puts a lot of effort in ensuring that only trustworthy devices are admitted into the ecosystem. The goal is to prevent attacks where rogue devices join the network, gaining access to privacy sensitive information, or performing disruptive operations.
To achieve its objective, the standard defines a Device Attestation Procedure that relies on digital certificates and private keys deployed on the devices and used during commissioning to prove authenticity and standard compliance. Matter's official threat model highlights the importance of safeguarding this cryptographic material, but how have manufacturers been handling this aspect so far?
This research puts this model under test, and presents a thorough analysis of the protection mechanisms implemented in one of the first Matter commercial sensor available on the market. Our investigation revealed how both hardware and software defenses implemented by the manufacturer can be bypassed, which ultimately allowed us to compromise the confidentiality of the device’s private key. An attacker achieving the same result could potentially create counterfeit devices indistinguishable from genuine certified ones, thus jeopardizing the security and privacy of an entire Matter network.