Add random traffic padding to server connections from hub

Please add traffic padding to obfuscate potential action performed server side. See this link for details:

https://techxplore.com/news/2022-11-smart-home-hubs-users-vulnerable.html

It’s a very interesting security exploit, but looking at the actual study paper:

https://par.nsf.gov/servlets/purl/10298285

It only applies to the traffic going from the hub to the cloud. It won’t capture any information that is completely local between the hub and devices in the home.

Smartthings is already in the middle of a major platform transition, which, among other things, will move communications with Zigbee, Thread, and Z wave devices to a much more local model called edge.

In addition, devices using matter on the local Wi-Fi LAN also would not be exposed to this hack.

So while packet padding is an interesting idea, and might well be considered a best practice for the future, most of what the paper describes is based on the old architecture and starting some time in 2023 Smartthings hub users would not have the same vulnerabilities for most of their device communications, even if they were using the same devices tested in the experiment, because it’s no longer leaving the home.

@tpmanley @posborne

1 Like