This study systematically uncovers, for the first time, the privacy leakage risks inherent in the Matter protocol under encrypted traffic analysis: even when communication payloads are encrypted, a passive adversary can exploit traffic metadata to infer device interaction behaviors and types with high accuracy. Leveraging datasets collected from both real-world testbeds and simulated environments, the authors extract distinguishable device fingerprints through traffic metadata analysis, sequential pattern recognition, and machine learning techniques. Experimental results demonstrate that, under realistic network conditions involving packet loss and latency, the approach achieves over 95% accuracy in identifying interaction behaviors and exceeds 88% accuracy in device type classification. These findings have been adopted by the Connectivity Standards Alliance (CSA) and are expected to inform enhanced privacy protections in future versions of the Matter specification.

Matter is the most recent application-layer standard for the Internet of Things (IoT). As one of its major selling points, Matter's design imposes particular attention to security and privacy: it provides validated secure session establishment protocols, and it uses robust security algorithms to secure communications between IoT devices and Matter controllers. However, to our knowledge, there is no systematic analysis investigating the extent to which a passive attacker, in possession of lower layer keys or exploiting security misconfiguration at those layers, could infer information by passively analyzing encrypted Matter traffic. In this paper, we fill this gap by analyzing the robustness of the Matter IoT standard to encrypted traffic analysis performed by a passive eavesdropper. By using various datasets collected from real-world testbeds and simulated setups, we identify patterns in metadata of the encrypted Matter traffic that allow inferring the specific interactions occurring between end devices and controllers. Moreover, we associate patterns in sequences of interactions to specific types of IoT devices. These patterns can be used to create fingerprints that allow a passive attacker to infer the type of devices used in the network, constituting a serious breach of users privacy. Our results reveal that we can identify specific Matter interactions that occur in encrypted traffic with over $95\%$ accuracy also in the presence of packet losses and delays. Moreover, we can identify Matter device types with a minimum accuracy of $88\%$. The CSA acknowledged our findings, and expressed the willingness to address such vulnerabilities in the next releases of the standard.