Apple’s Strict Security Delaying HomeKit Devices

Apple / iOS / Mobile / Security / Tech

Over a year ago, Apple announced HomeKit, its system for connecting smart devices through iOS. As such, you’d think that by now the market would be flooded with HomeKit-approved smart devices. However, you’d be wrong. As it stands, only 5 such devices have been launched at this point:

  • Ecobee’s $250 WiFi-connected thermostat.
  • Elgato’s line of sensors that collect data on air quality, humidity, air pressure, temperature as well as energy and water consumption.
  • iHOME’s smart plug that allows users to turn on and off appliances wirelessly.
  • Lutron’s bridge device that connects the HomeKit standard with its connected lighting system.
  • Insteon’s bridge device that connects its massive catalogue of existing home automation devices with HomeKit.

It now appears that the delay is due to Apple’s strict security requirements for Bluetooth low energy devices. According to Forbes:

Apple allows for either WiFi or Bluetooth low energy (LE)-enabled devices to get certified as a HomeKit accessory. Apple is requiring device makers using both WiFi and Bluetooth LE to use complicated encryption with 3072-bit keys, as well as the super secure Curve25519, which is an elliptic curve used for digital signatures and exchanging encrypted keys.

WiFi-enabled devices can handle these security requirements, but it seems devices running over Bluetooth LE are having some issues. The intensive processing demands for generating and sending these security keys is what’s likely causing these lag times, said Diogo Monica, a security lead at Docker and an IEEE security expert.

According to some sources who wished to remain anonymous, lag times were anywhere from 40 seconds to as high as 7 minutes. One of HomeKit’s selling point is that it provides a more reliable user experience, so these kinds of lag times will need to be sorted out before Apple can become a major platform for the smart home.

For the time being, Elgato has found a workaround for these problems with Bluetooth LE. It’s tweaked the firmware and added additional on-chip memory to handle the heavy-duty encryption. Elgato was not anticipating having to go make these modifications initially, and now the company hopes to make a side business selling its tweaks to other device makers wanting to build HomeKit devices with Bluetooth LE.

This is not necessarily a bad thing. Obviously lag delays need to get sorted out as Apple thrives on a seamless user experience. However it is important for a connected smart home to be secure. All too often we’re reading about security breaches all around us, so I think it is important for Apple to get this right, and not just throw a product out on the market just to have one.

Any of our readers using any of the HomeKit devices listed above? Let us know how they’re working for you. Sound off in the comments or use your favorite social media link below!

  Source: Forbes


To Top