Sunday, 21 June 2026

Black Hat Europe 2025 | Ghosts in the Stream: Exposing Lives and Devices Behind Encrypted Doors

Strong encryption has infiltrated even the most basic battery-powered Internet of Things (IoT) gadgets. Thanks to the latest technological breakthroughs and standard developments – such as the Matter IoT standard – these tiny devices now generate ephemeral Diffie-Hellman keys for every session, sign and encrypt messages, juggle certificate chains, and more. It sounds like IoT users can finally kick back, convinced their privacy is locked down. But not so fast. As this talk reveals, the rigid message structure of Matter traffic leaves it wide open to pattern-based snooping. Passive analysis can unmask exactly what devices lurk in a smart home and pinpoint user actions. Our data, pulled from a real-world office setup at Bitdefender in Targu Mures, Romania, shows that a few traces of encrypted traffic are all it takes to identify sensors, actuators, door locks, and lamps. We could even track user movements: smart plugs toggling, locks clicking, lamps changing color. The kicker? Simple statistical techniques are enough to crack user behavior, all from encrypted traffic. With such analytical tools, it becomes possible to systematically reconstruct and reveal the daily routines of individual home users, as well as to uncover privacy-sensitive behaviors in organizational contexts, such as those of office employees working remotely in various environments. The talk also dives into why fixing this could be a real headache, since Matter's session protocol introduced versioning only starting with Matter version 1.3. The talk will take a deep dive into why these protocol design choices matter and why future standards should prioritize such aspects.
By:
Kristopher Schlett | Master's student, Eindhoven University of Technology
Bela Genge | Senior Security Researcher, Bitdefender
Ioan Padurean | Junior Security Researcher, Bitdefender
Savio Sciancalepore | Senior Assistant Professor, Technische Universiteit Eindhoven (TU/e), Department of Mathematics and Computer Science (M&CS)
https://ift.tt/0e1TQfL

source https://www.youtube.com/watch?v=1I8xo-tjJSs
