Apple's HomeKit is proving to push the state of wireless security forward

Hardware has the word "hard" right in the name. Software isn't easy, but in the modern age it can be updated almost any time for almost every person using it. Atoms are far less forgiving than bits. That's why anyone with any sense knew that Apple's HomeKit—originally announced in June of 2014—was going to take a while to hit the market. New product categories come with new frustrations for platform owners, accessory vendors, and early adopters alike. But in some cases, like with home automation, that's ultimately good for everyone.

The latest in a line of complaints about the time and trouble involved in bringing HomeKit accessories to market focuses on Bluetooth. Forbes:

Apple allows for either WiFi or Bluetooth low energy (LE)-enabled devices to get certified as a HomeKit accessory. Apple is requiring device makers using both WiFi and Bluetooth LE to use complicated encryption with 3072-bit keys, as well as the super secure Curve25519, which is an elliptic curve used for digital signatures and exchanging encrypted keys. [...]WiFi-enabled devices can handle these security requirements, but it seems devices running over Bluetooth LE are having some issues. The intensive processing demands for generating and sending these security keys is what's likely causing these lag times said Monica.

This falls back to the ages-old battle between convenience and security. Early home automation accessories raced to get on the market with little or no concern for security or reliability. Many people knowledgeable in wireless technology simply refused to use them for those very reasons. Other people, who just wanted shiny new toys and new conveniences, bought them anyway. (Guilty!)

When those devices were added to home networks, however, they created security holes and, in some cases, interfered with the network itself. Chipmakers could have been faster to add proper security and reliability to support these kinds of devices, and accessory makers could have been more demanding and more patient and helped force the issue forward, but not everyone knows or cares about this kind of stuff.

Apple does.

So, yeah, HomeKit is taking a while. When I saw the early prototypes at CES 2015, I assumed we'd have to wait until fall 2015 to see any shipping devices. A few manufacturers have managed to ship already, but that's a testament to their ingenuity and resolve than anything approaching a normal industry timeline.

But let's be clear here: If you think I'm defending Apple or apologizing for HomeKit or any of that nonsense, think again. I'm defending myself and everyone who reads this.

When I see articles about HomeKit taking too long or being too hard, frankly, I'm baffled. Where were all articles about how long it was taking for secure wireless chipsets to hit the market, or about the sorry state of home automation reliability and security before HomeKit? It may not "sell papers", but as a customer that's what I need to be informed about.

These accessories are coming into our homes. They're going to be controlling the devices we and our families live with. They need to be rock-solid reliable and as secure as the state-of-technology allows. Because you better believe the first "hijacked home" video will go viral.

So, if vendors are having to work their asses off to make this stuff great, to make it solid, and to make it locked down—huzzah! I wish they'd done it sooner, but I'm delighted Apple—and hopefully other platform owners—are making damn sure they're doing it now.

And if Apple evolves the standards and protocols as everyone learns and figures this stuff out—huzzah again. Better Wi-Fi, better LTE, better accessories, better software—All of that sounds not only great to me, but critical.

Because, when it comes to my home, the hoops I expect everyone to jump through can't be too high.

Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

8 Comments
  • Could I ask please what case you're using in the picture? Sent from the iMore App
  • Bravo! Now if I could just get my Hue lights from coming back to a Full-On condition after suffering a power outage.
  • I'd rather wait and know that things are secure! Kudos for the manufacturers that have already shipped products!
  • A great recent commercial uses this idea that Home Automation can make your home less secure. Just to show that it is indeed important to have safety features on the top of the list:
    https://youtu.be/_CQA3X-qNgA
  • The FUD is strong.
  • Hi Rene, I was strolling the Web looking for HomeKit security information and I came across your article. The funny thing is that just by reading the title "One of the best aspects of Apple's HomeKit protocol is its security." I immediately knew it came from iMore, and sure thing I was also sure that you wrote it before getting to the end of the article! :) You know, I always loved your objectivity, your detailed/thorough analysis, and you also have a nice grip on the human thinking! And what's best: you never fall for the obvious or the easy stuff... Congrats and we're always enjoying everything that you do! Johnny
  • On another note: "Other people, who just wanted shiny new toys and new conveniences, bought them anyway..." : Well I (too) bought a WeMo Hub, had fun with it, but I ultimately returned it because Belkin wasn't not able to reassure me with their (lack of) security protocol. So far only the iHome Smart Plug iSP5, the Insteon Hub Pro and the Phillips Hue Bridge (and those found here https://support.apple.com/en-us/HT204903) has HomeKit enabled (that I know of), and I won't go with anything less then with a "Work With Apple HomeKit" device. We're talking about turning on my CrockPot, opening my garage door and managing my CO2 detector here! I'd say that this deserves a ultimate security protocol for WiFi/BT LE. Cheers
    Johnny
  • ... and I just read an article on Baby Monitors Security on The Verge... It's bad, real bad! IoT is crying out loud for better security! http://www.theverge.com/2015/9/2/9241661/baby-monitors-vulnerable-hackin...