As the world of smart homes and IoT continues to grow, security becomes a critical aspect for consumers and manufacturers alike. Matter, formerly known as Project CHIP (Connected Home over IP), is an open-source standard for smart homes and IoT devices, overseen by the Connectivity Standards Alliance (CSA). With support from industry giants such as Google, Amazon, Apple, and Samsung, Matter aims to create an interoperable ecosystem of smart devices, regardless of the manufacturer. As it grows in adoption, it is poised to become the leading standard for smart home environments.
Nozomi Networks Labs recently conducted research focusing on the Matter protocol. Our findings, detailed in our new white paper, reveal security vulnerabilities that highlight both the achievements and challenges in Matter’s implementation. This blog shares some of the highlights of our findings and their implications for the IoT ecosystem.
Matter’s Security Framework: The Vision
The Matter protocol aims to establish a unified and secure framework for smart home devices, with strong backing from major industry players. A cornerstone of its security model is the Device Attestation Certificate (DAC), which ensures that devices are legitimate, certified, and meet Matter's compliance standards. Device attestation works by using DACs linked to cryptographic private keys, allowing devices to verify their authenticity during commissioning.
The CSA has designed Matter with strong security principles, emphasizing certified devices that authenticate themselves in an encrypted and verified ecosystem. However, while Matter provides a robust framework, it leaves key implementation details—such as the physical security of cryptographic keys—up to device manufacturers. Our research focused on how these theoretical protections play out in practice, examining whether DAC private keys in commercial Matter devices are adequately protected against physical attacks.
Research Findings: The Vulnerabilities Exposed
The research team at Nozomi Networks Labs set out to answer key questions regarding the security of DAC private keys in commercial Matter devices:
- What hardware and software protections are implemented to securely store the DAC’s private key?
- Can these protections be bypassed to access the DAC’s private key?
Upon analysis, we discovered that the SoC used in the device had its debug interfaces locked. However, the hardware was vulnerable to a known issue, which allowed us to perform a fault injection attack to unlock these interfaces. Once unlocked, we were able to dump the device’s flash memory and access its raw firmware.
Through reverse engineering, we also discovered that the vendor had implemented a custom obfuscation procedure to protect the DAC’s private key. However, we successfully reversed this obfuscation and compromised the key’s confidentiality. These findings illustrate how attackers with physical access could clone or impersonate the device.
These findings underscore a key concern: while the Matter protocol promotes secure design, the lack of mandated protections for DAC keys leaves devices exposed to cloning risks. As more IoT devices enter the market, such vulnerabilities could have significant implications if exploited at scale. For instance, a cloned device with a compromised DAC could interact with other nodes within a Matter network, potentially exposing users to wider security risks depending on the Access Control List (ACL) policies in place.
Lessons From the CSA: Addressing Security Challenges
In collaboration with the CSA, we have also taken into account the key lessons they emphasize, which aim to further strengthen the Matter protocol's defenses. Here are four important considerations from the CSA:
- Security evolves over time: Devices that are considered secure today may not be secure in the future, especially given the rapid evolution of attack methods. IoT devices, with their extended lifespans, need to anticipate and adapt to evolving threats. In this particular case, the underlying vulnerabilities we exploited had been addressed in later hardware updates, yet older devices remain vulnerable.
- Impact limitation through access control: The CSA emphasizes that the Matter protocol limits the amplification of vulnerabilities by leveraging Access Control Lists (ACLs). Even if a device is compromised, restrictive ACL policies can mitigate the impact by controlling interactions within the Matter network. This is an effective solution, but it depends heavily on manufacturers and ecosystems properly configuring these policies.
- Importance of physical security: The attack we conducted required physical access to the device. The CSA points out that manufacturers can implement techniques such as secure elements or enclaves to make physical attacks more challenging. This is indeed a vital aspect of protection that manufacturers must consider, as relying solely on software-level protections is insufficient when attackers have direct physical access.
- Revocation mechanism for compromised devices: Matter's support for a PKI-based revocation mechanism is a critical step towards enhancing security. This mechanism allows the revocation of compromised DACs, but it is not yet implemented in the standard SDK or widely adopted. Until this becomes a reality, compromised devices can still pose a risk, and swift progress is needed to ensure a higher level of resilience.
The Role of Device Attestation PKI Revocation
To address such vulnerabilities, the CSA has introduced a certificate revocation feature in newer Matter specifications (introduced in version 1.2 of the standard, released in Fall 2023). This feature enables commissioners to verify whether DACs have been revoked, a critical step toward protecting the network from compromised devices. However, this revocation process is currently part of the standard’s specification and not yet implemented in the Matter SDK or widely adopted by device manufacturers.
We fully acknowledge the CSA’s proactive steps in introducing these protective mechanisms and recognize the challenge in bridging the gap between specification and practical implementation. The revocation mechanism holds promise, but until it is fully integrated into the SDK and adopted across ecosystems, IoT devices remain vulnerable. We look forward to collaborating further with the CSA to expedite these developments, ensuring stronger, more consistent security across the ecosystem.
Weighing the Risks
When a company manufactures a product, significant time and effort is spent refining the balance between the various inputs which come together and are measured as the return on the capital investment. Every business reaches the point where they must accept residual risk and press forward with production and sales. To do otherwise would lead to an endless cycle and ultimately business failure.
Hardware products and manufacturing differs from the Software Development Lifecycle because of this inability to continuously re-engineer a device that was physically installed some time ago. These devices may remain in service, with their vulnerabilities and flaws, for decades in environments which may begin at the family home and end in critical infrastructure such as energy, healthcare or mass transportation.
When selecting components for a final product, designers must meet the criteria set down for return on investment, while balancing that with the need for security and reliability. Physical security is as much of a concern as cybersecurity.
We live in an age where supply chain attacks no longer need to be executed through military might. The reality of cyberattacks on supply chains has been demonstrated several times in the last few years. A simple search returns several well-known attacks.
Regardless of whether the exploitable device is in a home, a hospital, a military installation or another manufacturers production plant, the effects caused by a successful supply chain attack can become very real, very quickly. They can also change the lives of those involved.
Designers need to know that their suppliers take security as seriously as their customers will. Attack vectors and methodologies change over time. New tools, techniques and processes are discovered daily. It is an ever-changing landscape and yet, once a product leaves the factory, aside from the opportunity to update firmware or software, the opportunity to re-engineer around a hardware issue is gone.
Manufacturers have a vested interest in educating their customers on the best installation and maintenance practices as this helps to build a long-lasting relationship.
Nozomi Networks’ Commitment to IoT Security
Our research at Nozomi Networks Labs aims not only to uncover vulnerabilities but to advocate for the adoption of best practices in protecting cryptographic material. As detailed in our white paper, we provide a full analysis of the fault injection attack and the reverse engineering techniques used to access the DAC private key, along with recommendations for improving device resilience against physical attacks. This white paper will serve as a resource for manufacturers, developers, and security professionals to better understand and mitigate the challenges in securing Matter devices.
Conclusion: Moving Toward a Safer IoT Ecosystem
Our research highlights both the strength of the Matter protocol’s security framework and the areas where further development is needed. The vulnerabilities we uncovered should prompt manufacturers to prioritize robust security mechanisms, particularly in the physical protection of DAC keys and rapid integration of revocation capabilities. The CSA’s commitment to evolving the protocol and addressing these weaknesses is commendable, and we believe that through continued collaboration, these vulnerabilities can be effectively mitigated.
Our white paper offers an in-depth look at our research methodology, technical findings, and actionable insights for enhancing IoT security in Matter-compliant devices. We encourage all stakeholders in the IoT industry to review our findings and consider how we can work together to build a safer digital landscape for users around the world.
