My first reaction here was horror: Home Assistant and Zigbee integrate perfectly with IKEA’s devices, and the devices are beautifully designed! Please don’t take these away! Only the other day did I marvel at how a low battery indicator flashes on one of my remotes when I use it. A design flourish that I really appreciated.
But I read that Thread supports IPv6 via mesh networking. It did always feel a bit awkward having Zigbee networking and IP networking competing over the same site. It would be very nice to issue commands from any peer to any other peer, using standard networking. Can anyone here confirm that Matter/Thread will be a bright, open, and happy new future?
A lot of people I know would scoff at “smart home” stuff. I used to. Having a programmable house is incredibly useful though. When all your lights and sensors are available for programming you can do stuff that’s cool not because it is particularly innovative but because it is incredibly easy to implement:
- my partner can control a “do not enter, call in progress” red light bulb;
- my outside lights trigger off PIR, door sensors, or Ring motion detection;
- I have a series of indoor lamps come on in succession if motion is detected outside at night;
- we programmed a push button to turn a light green on one tap and red on a double tap for a fun game of twenty questions;
- and my indoor Ring cameras shut down unless both my partner and I are out of the house.
All of these things were trivial to do given that everything is available on one Home Assistant instance!
> Can anyone here confirm that Matter/Thread will be a bright, open, and happy new future?
Sorry, it’s a closed ecosystem. It relies on PKI and device attestation to ensure that only devices from approved partners are usable. It’s unlikely that small players can participate, and zero chance of any homebrew scene.
I disagree that there’s zero chance for a homebrew scheme; it’s pretty easy to enable development mode and commission self-made devices using Google Home or Apple Home on both iOS and Android.
Dev mode seems like such a nonstarter. I don't know what dev mode entails, but I don't want to be running my kitchen light in dev mode, I'll just use an analog switch.
> Dev mode seems like such a nonstarter. I don't know what dev mode entails,
... what?
All it means is that the "commissioner" (broker which attaches Matter devices to your Fabric) ignores the chaining of the device attestation to an approved CA. In the case of using Google's Commissioner, this requires adding a Vendor and Product ID in your account's Developer console. In the case of Apple's Commissioner, it's just pressing a "Trust this unknown device" button. That's it.
I can't conceptualize exactly what the use case is here, but I get the impression there's a set of steps that have to be done in sequence after installing my light bulb, and that's another step to an already fairly involved process. All to screw in a light bulb. And the light bulb is the easy case. If it's actually two devices and I want them to talk to each other, and one of them is automatically trusted, and the other one is untrusted, I'm skeptical that just pushing the button is going to help. (Actually in general I'm skeptical that it will typically work without extensive research, and this is just one in a long list of potential gotchas.)
Matter specifies that all firmware images must be signed so the device can verify authenticity before installation, ensuring they haven’t been tampered with. Matter further requires mechanisms to prevent unauthorized firmware execution and ensure that firmware can't be downgraded.
Matter states that firmware images “may be encrypted.” This is not a requirement, though encryption is allowed and may add security
This sounds like it only affects OTA updates going through the Matter stack, not an explicit requirement to block serial flashing.
Disclaimer: I haven't tried serial flashing of Shelly/Sonoff Matter-enabled devices myself, just remember some complaints of customers that failed to re-flash such devices.
That's pretty far from the main issue with iot security, and a heck of a lot of the issue with IoT in general, that the hardware gets vendor locked to a vendor that stops supporting the software (and wasn't very good at writing it in the first place)
What? You can buy a very cheap ESP32 with Thread and easily build your own device with Matter/Thread and it will work. Doesn't seem that closed. There is OpenThread that is an open source implementation of Thread. Home Assistant is compatible with Matter over Thread devices...
What's closed about this?
I know almost nothing about Matter but is this true? I though that if you control your own fabric, you can talk to any device on it because they trust your controller.
This is correct; the hand-wringing in this thread is fair in that Matter does have a central governing authority who determine which devices are trusted, but completely unjustified insofar as that making a DIY Matter fabric/network is extremely easy.
The part about Matter that's "closed" is the device attestation process; the Distributed Compliance Ledger (DCL) contains a closed set of trusted Product Attestation Authorities. The device's Device Attestation Certificate (DAC) needs to chain to these PAAs for a "production" Matter Commissioner to enroll the device in a fabric without additional steps.
Here's he thing: all available Matter Commissioners make it really easy to commission a device with an untrusted DAC; for Google you need to add the IDs for the device to a Developer account associated with device you're trying to use as the Commissioner, and for Apple (at least as of a year or so ago when I last tried this), you just press "Trust this untrustworthy device" on a dialog box.
So it's kinda like UEFI Secure Boot? PKI with a default list of officially trusted companies, and it's supposed to let the end user add their own keys, but the details make people nervous because it would be really easy for the vendor to break that any time they feel like it?
* The list of officially trusted companies and root certificates is stored on a blockchain, for whatever reason, but at least this way it's a fairly open list and it's supposed to be shared equally across all vendors.
* It's a lot easier to get an official key provisioned / device certified. It's not like UEFI where there's some murky trusted set of root keys belonging to a major manufacturer (Microsoft) who blesses things at a whim.
Importantly:
Even if the "vendor" (in this case, it's Google/Apple) stopped supporting test keys in their Commissioner, one could still run a "fully private" Matter fabric with their own Commissioner. Of course, if this happened, a user couldn't commission their devices onto the walled garden Google Home / Apple Home ecosystems, but, they could still make their own Matter fabric with their own Controller. It's not done this way normally: even with HomeAssistant, which can run its own Matter Controller, the Commissioner role is typically delegated to Apple/Google SDKs through the Home Assistant app. But this is because it's a huge pain to develop a working Commissioner (due to Bluetooth, mostly), not because it's not possible. There's no "lock-out" that causes Matter devices to only provision to approved Controllers/Fabrics - the lock only goes the opposite direction, to prevent end users from buying insecure/spyware devices with the Matter label.
However, unfortunately:
* You don't really enroll your own key or root certificate with most of the "standard" (Apple/Google) Commissioners to use them with development devices - rather, you use a fixed set of vendor or device IDs which signify them as test devices (in the extra easy path, you even use a fixed device certificate for a Test Device). This makes sense from the constraint that users can still build and develop their own devices while protecting the ecosystem from "rogue vendors," but it's not like UEFI Secure Boot in this case where the end user can enroll their own keys and truly control the system end to end.
Now again, there's nothing stopping the end user from building a Commissioner which would trust their own self-signed certificate, besides it being a pain in the butt, but that's not how it works by default - it's truly a development mode, not a bring-your-own-keys.
Buy a device from the manufacturer “Eve” try to add it to homeassistant after upgrading its firmware to use matter/thread: no can do, they don’t give you their key to talk to their devices.
I did exactly this. Got an Eve smart plug meter and it works flawlessly in HomeAssistant. I'm also pretty sure I had upgraded to the latest firmware via Apple Home app before doing so.
Great, their new devices actually work in thread mode with HA, but their older ones only when you got an Apple hub device. I’ve got 6-7 of their devices before matter was a thing and 0 work with HA. Even those that got firmware updates.
Z-wave requires certification[1] which includes alliance membership and compliance testing, and there you can do your own stuff using shields or modules[2].
Some manufacturers also make Z-wave devices, like this[3], which has some generic low-voltage inputs and outputs.
So while not as trivial as other things, it's possible to do a lot of DIY stuff.
> It did always feel a bit awkward having Zigbee networking and IP networking competing over the same site
Funny, to me that's a feature. It makes the threat of a hacked device that exfiltrate data from within your network much less likely. I avoid any wifi device because of that.
This. The network fragmentation is the point, just like how some businesses would run IPX internally and use a proxy for web/IP traffic to protect corporate infrastructure from malicious devices or software.
Not everything has to be on TCP/IP. For smart home connectivity, I’d say that’s a feature, provided said networking standard is just as open as TCP/IP.
As late as the early 2000s! I was still setting up IPX for some older DOS/Win95 games to play over the LAN as recently as 2008, and my Novell class (last one offered at my college, around 2007) cited several large local companies who were still employing that technique as a “security through obscurity” thing, though the professor was mainly just citing use cases for IPX rather than promoting new implementations of it.
The thread border gateway (Apple TV, HomePod, Google Nest Speaker, etc) sends an IPv6 router advertisement to the network for the Thread IP space. Multiple border gateways can advertise the same IP space for redundancy.
I have/had a segmented network, so I made sure my router accepted this route so that devices on different networks could communicate with the Thread devices. It worked, usually. However, I ran into some challenges with the reliability of communicating from my phone to various devices. I never quite got mDNS reflection 100% correct, and I strongly suspect that's my problem. If you look at an mDNS entry for a device, you'll see some advertise all their IPv6 addresses including link local (fe80::). I suspected some clients were dumb, trying the first IP they found, and giving up when it didn't work. I was working on modifying the golang mdns-reflector project to filter these entries. I had some success, but I haven't finished.
But I read that Thread supports IPv6 via mesh networking. It did always feel a bit awkward having Zigbee networking and IP networking competing over the same site. It would be very nice to issue commands from any peer to any other peer, using standard networking. Can anyone here confirm that Matter/Thread will be a bright, open, and happy new future?
A lot of people I know would scoff at “smart home” stuff. I used to. Having a programmable house is incredibly useful though. When all your lights and sensors are available for programming you can do stuff that’s cool not because it is particularly innovative but because it is incredibly easy to implement:
- my partner can control a “do not enter, call in progress” red light bulb;
- my outside lights trigger off PIR, door sensors, or Ring motion detection;
- I have a series of indoor lamps come on in succession if motion is detected outside at night;
- we programmed a push button to turn a light green on one tap and red on a double tap for a fun game of twenty questions;
- and my indoor Ring cameras shut down unless both my partner and I are out of the house.
All of these things were trivial to do given that everything is available on one Home Assistant instance!