Thread and Matter reshape consumer IoT by enabling interoperable, IPv6-based device communication across vendors. This convergence expands functionality but also introduces new security blind spots tied to commissioning workflows, shared datasets and border router behavior. Limited tooling, fragmented protocol versions and inconsistent implementations make these environments difficult to observe, test and defend. Practical experimentation shows how accessible radios and embedded tooling can enumerate Thread networks, extract metadata and interact with devices in ways manufacturers did not anticipate. As adoption accelerates, defenders must understand how protocol design choices, default configurations and operational shortcuts affect real-world exposure, particularly in home automation ecosystems that bridge local networks to the internet.

In this session, led by András Tevesz, senior vulnerability researcher at CUJO AI, you will learn:

• How Thread's IPv6 mesh design changes attack surface visibility;
• The risks created by default keys, leaked datasets and weak segmentation;
• Practical methods for discovering and interacting with Thread networks.