What’s [the] Matter?
Home Automation and IoT has been on the rise in the last few years, and there’s no denying the cool-factor – blinds that open at sunrise, lights and music that set the right mood on voice command, and smart security cameras paired with a door lock to control access to your home. But is it safe? Attacks like the Mirai Botnet clearly show the risks in IoT. A new standard called Matter is looking to reduce the risk as well as allowing more IoT devices to work seamlessly together.
The Internet of Things is about enabling everyday objects to share information about their state – things like temperature, location, whether a door or window is open or closed. Devices can all be connected to a network which then allows other devices or systems to react to those states. While this is a cool idea, sadly many IoT manufacturers have not included good security in their solutions, and a proliferation of standards has made it difficult to work with products from different vendors. Consumers are left with either selecting a single brand for maximum interoperability and missing out on features from other vendors or relying on middle-ware solutions like Home Assistant to tie it all together with extra management (and additional risks). Can the Connectivity Standards Alliance (CSA) and their new standard make IoT safer?
According to the CSA-IOT website “this new industry–unifying standard is a promise of reliable, secure connectivity — a seal of approval that smart devices and systems will work seamlessly together, today and tomorrow – regardless of the smart home control platform you choose to use.” There are currently 221 members of the CSA, so there is a good chance you will find a product to scratch your specific home automation itch, and some reasonable assurance that members must take IoT security and interoperability seriously.
The security problems Matter sets out to solve are not small. Many IoT manufacturers force you to share access to your devices through their cloud-based service (something you can never fully control or secure). To add insult to injury, many of these “smart” devices are not designed to be updated, or rapidly lose support from the company who released them. Many devices have no facility for MFA or have baked-in credentials in software libraries they are built on. Often the only solution is to replace the device or block access to those vulnerabilities, which means more work to keep your network shields up. The Matter Security White Paper explains the fundamental principles members need to follow to be compliant, and these are based on standard cyber security principles like layered security and strong encryption, as well as the ability for over-the-air updates to address future vulnerabilities.
Matter shows promise mainly because so many vendors have decided to adopt it and because it is built on standard protocols and systems that are already in place. Many have already rolled out updates which add Matter support to their products, so you don’t need to buy new gear to join in, and your existing non-Matter gear will continue to work.
Matter and the CSA deserve a gold star for baking in security from the start.