Samsung SmartThings Station (2023)
From Wiki-IoT
Classification
| Samsung SmartThings Station (2023) | |
|---|---|
| Classification | |
| Grade | A- |
| Calculator version | [[:Category:Calculator v|]] |
| Classification date | |
| Information | |
| Name | Samsung SmartThings Station (2023) |
| Brand by Parent | Samsung by Samsung Electronics Co., Ltd. |
| Generation | 1st Generation |
| Model(s) | EP-P9500TBE |
| Release date | 2023-02-01 |
| Type/Category | Smart-home hub + 15 W wireless charger |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 91.3 × 91.3 × 23.2 mm |
| Mass | 128.3 g |
| Operating system | Embedded SmartThings Hub firmware (Matter 1.2, Thread 1.3, Zigbee 3.0, BLE 5.2) |
| Companion App | SmartThings App (Android/iOS) |
| CPU | |
| GPU | |
| Memory | |
| Storage | |
| Battery | |
| Power | |
| Charging | |
| Display | |
| Camera | |
| Sound | |
| Connectivity | |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | Rare | [[1] https://news.samsung.com/us/power-simplicity-meet-innovators-brought-smartthings-station-life-interview [2] https://www.ifixit.com/Teardown/Samsung+SmartThings+Station+2023+Teardown/175817 [3] https://docs.samsungknox.com/KnoxMatrix/whitepaper.pdf] | Test-pads under shield; no public back-door |
| Known vulnerabilities | Rare | [[1] CVE-2024-1392 (Matter PASE brute-force, patched) [2] https://research.nccgroup.com/2024/03/12/technical-advisory-matter-pase-pin-bruteforce/ [3] https://www.cve.org/CVERecord?id=CVE-2024-1392] | Only 1 medium CVE |
| Prior attacks | Rare | [Same CVE-2024-1392; no mass exploitation reported] | No large-scale incident |
| Updatability | Very common | [[1] https://support.smartthings.com/hc/en-us/articles/115003520346 [2] Auto patch ≤30 days] | Forced OTA via SmartThings cloud |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Partial | [[1] https://developers.smartthings.com/docs/device-access [2] Samsung Account OAuth 2.0 & Matter commissioning] | 3rd-party via OAuth or Matter |
| Communications | Encrypted with up-to-date encryption | [[1] Thread 1.3 AES-CCM-128, TLS 1.3, WPA3 [2] https://docs.samsungknox.com/KnoxMatrix/whitepaper.pdf] | Zigbee 3.0 AES-128-CCM |
| Storage | Encrypted with up-to-date encryption | [[1] On-device AES-256-XTS (Edge routines) [2] Cloud AES-256-GCM] | Keys stored in Knox Matrix PSA-RoT |
| Category score | 2 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [[1] https://account.samsung.com/ [2] Family group & member roles] | One-click delete all hub data |
| Authentication | Secure | [[1] Samsung Account 2SV mandatory since 2022 [2] https://support.samsung.com/us/account/2-step-verification] | FIDO2/U2F security keys supported |
| Brute-force protection | Exist | [[1] 5 wrong PIN → 15 min lockout [2] https://support.smartthings.com/hc/en-us/articles/115003520346] | Exponential backoff |
| Event logging | Access event logged | [[1] SmartThings App → Menu → History [2] 30-day JSON export] | Hub, device, routine events |
| Passwords | Require change after setup with complexity requirements | [[1] Sign-up ≥8 chars, mixed-case+symbol [2] https://support.samsung.com/us/account/password-policy] | No default weak creds |
| Category score | 1 | ||
| Grade | A- |
|---|
