CANCELED: "Thread Lightly: Navigating the Perilous Path of Matter's Dark Side" Valentin Leon

  • number6
    • Apr 2019
    • 2172

    #1

    Speaker has canceled. Archived with strikeout for reference and being indexable by search.


    Thread Lightly: Navigating the Perilous Path of Matter's Dark Side

    Valentin Leon, Senior Security Engineer at Amazon Devices, He/Him
    Tool, Exploit

    45

    In the era of smart home automation, the recent rollout of the Matter over Thread protocol has promised enhanced security and convenience. However, during an in-depth security review of the Matter and Thread open-source implementations, we stumbled upon a critical vulnerability. Our findings revealed a logical issue in OpenThread, enabling unauthenticated nodes to craft radio frames that bypass security checks and infiltrate Thread as well as Wi-Fi networks with arbitrary IP packets.

    This talk sheds light on the vulnerability's discovery, exploitation by crafting raw frames through a radio-coprocessor, and coordinated patching with vendors. Join us to explore how the design of Matter and Thread impacts the security bar of home networks with greater inter-connectivity, and learn how to navigate the complex landscape of smart home security.


    Valentin Leon is a seasoned cybersecurity professional with a decade of experience in security research, penetration testing, and IoT device security. As a San Diego-based expert, he specializes in radio protocols such as WiFi, RFID, Bluetooth, or Thread. Valentin boasts an impressive track record, having served as Technical Director at NCC Group for 7 years and as a Senior Security Engineer at Amazon Devices for 3 years. In these roles, he has consistently demonstrated his prowess in the field and his commitment to securing complex systems.

    Valentin's expertise has not gone unnoticed, as he has been invited to share his knowledge at multiple OWASP chapter talks and hosted training events at BSides and OWASP. With a keen eye for uncovering vulnerabilities and a deep understanding of the intricacies of smart device security, Valentin continues to make significant contributions to the world of IoT and radio protocol security.


    REFERENCES:

    PySpinel for controller RCP (https://github.com/openthread/pyspinel)
    Matter Protocol Documentation (https://github.com/project-chip/connectedhomeip)
    OpenThread Official Repository (https://github.com/openthread/openthread)
    ZigBee Alliance (https://zigbeealliance.org)
    OWASP IoT Project (https://owasp.org/www-project-internet-of-things)
    Last edited by number6; July 15, 2023, 12:57.