Matter
Matter is an open standard that has been developed by the "Project Connected Home over IP" (CHIP) working group since 2019 and was first published in October 2022. It is intended to enable communication between devices from various manufacturers such as Google, Samsung, Apple and Amazon, thereby extending the boundaries of existing smart home networks.
Protocol
Matter is an application-layer protocol that is based on network protocols such as IPv6, Thread and BLE. Bridges are required to translate the network layers in order to be able to access Thread- or BLE-based devices from IP networks.
The Google Developer Center offers general documentation[2] for Matter, which explains, for example, how a new device can connect to the Matter network.
Matter Virtual Device
The Google Developer Center provides resources for the development of Matter-based devices such as a sample app for connecting Matter devices [3] or virtual Matter devices [4] for testing the interfaces.
A Matter Virtual Device (MVD) is an emulation of a Matter device and simulates the behavior of a device, e.g. switching a light switch on/off.
Possibilities
The virtual device can be built and started in several ways. A total of three possibilities have been found:
- Standalone
- Docker Image
- GitHub Repository
It turned out that the standalone variant is the best way to quickly set up an MVD. This requires an environment with a 64-bit x86 processor and at least Debian 11, Ubuntu 20.04 or macOS.
GitHub Repository
- git clone https://github.com/project-chip/connectedhomeip
- Initialize the Matter project using "source scripts/activate.sh"
This variant was not pursued further, as the repository is resolved recursively and execution takes a lot of time.
Docker Image Repository
- docker pull us-docker.pkg.dev/nest-matter/docker-repo/virtual-device-image:latest
This approach downloads a Docker image that is larger than 10 GB. Unpacked, it takes up more than 30 GB and is therefore also not suitable as a fast approach for development with Matter devices.
Standalone
The standalone Matter device was published relatively recently by Google and is very easy to set up. Due to its comparatively small size of less than 70 MB, it is easy to download and can be up and running within a few minutes.
Installation steps (Debian/Ubuntu)
- wget https://dl.google.com/mvd/mvd_1.3.0_amd64.deb
- sudo dpkg -i mvd_1.3.0_amd64.deb
- mvd
A GUI opens with which you can create an MVD.
In the new window, you can configure some settings for the device:
- Device Type - You can simulate several types of smart home devices
- Vendor ID - Unique certified ID for the vendor (possible values in development: 0xFFF1, 0xFFF2, 0xFFF3 and 0xFFF4)
- Product ID - Unique certified ID for the product (possible values in development: 0x8000 to 0x801F)
- Discriminator - If the same product occurs several times in the network, the discriminator can be used to differentiate between them.
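The following is an added example, not part of the original page or of Google's MVD tooling: a Python pre-flight check for a planned set of virtual devices that flags IDs outside the development ranges listed above and devices of the same product that share a discriminator. The dictionary keys, function names and sample devices are hypothetical, and the 12-bit discriminator range is taken from the Matter specification rather than from this page.

```python
from collections import defaultdict

# Development ranges as listed on this page.
DEV_VENDOR_IDS = {0xFFF1, 0xFFF2, 0xFFF3, 0xFFF4}
DEV_PRODUCT_IDS = range(0x8000, 0x8020)  # 0x8000..0x801F inclusive
# Assumption (Matter specification, not this page): 12-bit discriminator.
DISCRIMINATORS = range(0x1000)

def parse_id(value):
    """Accept an int or a string such as '0xFFF1' or '3840'; None if invalid."""
    if isinstance(value, int) and not isinstance(value, bool):
        return value
    try:
        return int(str(value).strip(), 0)
    except ValueError:
        return None

def check_devices(devices):
    """Return sorted (device name, problem) pairs for a planned set of MVDs."""
    findings = []
    seen = defaultdict(list)  # (vid, pid, discriminator) -> device names
    for dev in devices:
        name = dev.get("name", "<unnamed>")
        vid, pid, disc = (parse_id(dev.get(k))
                          for k in ("vendor_id", "product_id", "discriminator"))
        if vid not in DEV_VENDOR_IDS:
            findings.append((name, "vendor_id is not a development VID"))
        if pid not in DEV_PRODUCT_IDS:
            findings.append((name, "product_id outside 0x8000-0x801F"))
        if disc not in DISCRIMINATORS:
            findings.append((name, "discriminator is not a 12-bit value"))
        else:
            seen[(vid, pid, disc)].append(name)
    # Same product, same discriminator: the devices cannot be told apart.
    for (_, _, disc), names in seen.items():
        if len(names) > 1:
            shared = f"discriminator {disc} shared by {', '.join(names)}"
            findings.extend((n, shared) for n in names)
    return sorted(findings)

# Constructed sample: four virtual devices planned for one test network.
SAMPLE = [
    {"name": "light-1", "vendor_id": "0xFFF1", "product_id": "0x8000", "discriminator": 3840},
    {"name": "light-2", "vendor_id": "0xFFF1", "product_id": "0x8000", "discriminator": 3840},
    {"name": "plug-1", "vendor_id": "0xFFF1", "product_id": "0x8001", "discriminator": 3840},
    {"name": "lock-1", "vendor_id": "0x1234", "product_id": "0x8020", "discriminator": "0x1000"},
]
if __name__ == "__main__":
    print(*check_devices(SAMPLE), sep="\n")
```

The same check can run in a release pipeline with the condition inverted, so that a build still carrying a development Vendor ID or Product ID is rejected before it ships.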
Controller GUI
A GUI is required to communicate with the Matter device. There are two options for this:
Internal GUI via RPC
The standalone MVD is supplied with an integrated GUI, whereby the device is addressed on a different port (RPC port: 33000) than the Matter port (Matter port: 5540). As soon as the MVD has been created, the control UI for the simulated device opens.
GUI via Mobile App
The Google Developer Center has provided a CodeLab[3] with which you can develop a simple Kotlin app for controlling Matter devices. You can download a skeleton, and the tutorial guides the developer through implementing the missing code sections, which are marked with the comment "// CODELAB:". A complete solution is also offered, against which you can compare your own implementation.
This app was then deployed to a mobile phone using USB debugging.
Connection
To connect to a Matter device on your mobile phone, you need the following prerequisites:
Steps
Security aspect
This topic was presented as part of elective project 2. The task was to recreate an attack using the MVD and show that it could be detected and mitigated during development. However, because the standard is so new, it is not yet widely established, and few vulnerabilities and exploits are known. Therefore, we could only try a DoS attack and thus prevent access to the MVD. It was not possible to evaluate whether the DoS occurred on the device itself or on the executing platform.