Apple's Strict Bluetooth LE Security Requirements Slowing Rollout of HomeKit Accessories

Discussion in 'iOS Blog Discussion' started by MacRumors, Jul 22, 2015.

  1. MacRumors macrumors bot


    Apr 12, 2001

    While it has been more than a year since Apple launched HomeKit, a software framework for communicating with and controlling light bulbs, thermostats, door locks and other connected accessories in the home, only five HomeKit-approved products have been released to date: the Ecobee3, Elgato Eve, iHome iSP5 SmartPlug, Insteon Hub and Lutron Caseta Wireless Lighting Starter Kit.

    The slow rollout of HomeKit-enabled hardware accessories is not because of a lack of interest in the platform, but rather Apple's strict security requirements for Bluetooth LE (low energy) devices, according to Forbes. In particular, the strong level of encryption required to use the HomeKit protocol through Bluetooth LE has resulted in lag times that essentially render some accessories useless.
    Elgato Eve smart home sensors for doors, windows and energy consumption

    Chipmakers such as Broadcom and Marvell have reportedly been working to improve their Bluetooth LE chips to more effectively handle Apple's level of encryption, an important step if the company wants to become a major player in the smart home. In the meantime, developers have either been focusing on Wi-Fi-based HomeKit hardware or working on temporary solutions to the problem.
    HomeKit delays have also been attributed to "sparse and shifting" documentation and Apple's tedious certification process for its "Made for iPhone/iPad/iPod" (MFi) program. HomeKit accessory makers are required to send multiple prototypes of their products to Apple for testing, and the process can be lengthy until Apple is satisfied.

    Apple's attention to detail and focus on security should prove worthwhile for customers, however, and the company has the size and reputation to enforce manufacturers to adopt those high standards. "This is one of those things that Apple does," a source working on a HomeKit device told Forbes. "They force an issue. It's like that here. Regular Bluetooth has an issue -- it's not secure."

    Article Link: Apple's Strict Bluetooth LE Security Requirements Slowing Rollout of HomeKit Accessories
  2. myemailisjustin macrumors newbie

    Nov 3, 2010
    rather wait 40 seconds than have it hacked over the internet...hello chrysler
  3. zorinlynx macrumors 603


    May 31, 2007
    Florida, USA
    This is one of those forward thinking things that will inconvenience us now but be worthwhile later.
  4. BMcCoy macrumors 68000


    Jun 24, 2010
    Security first... efficiency later.

    I'm okay with that.....
  5. unplugme71 macrumors 68030

    May 20, 2011
    I agree, with all the things being connected these days, its nice to have someone leading the industry with security in place. Unlike some car manufacturers out there!
  6. OldSchoolMacGuy Suspended


    Jul 10, 2008
    Security first. That's just fine.

    Would rather have it slow rollout than people able to easily break into my place remotely.
  7. rdlink macrumors 68040


    Nov 10, 2007
    Out of the Reach of the FBI
    Agree with the other posts, and Apple's position. If the lock to my front door is going to be internet connected it damn well needs to be secure.
  8. doelcm82 macrumors 68040


    Feb 11, 2012
    Florida, USA
    I'd rather stick to a traditional key than wait 40 seconds. But I'm confident that they'll make the necessary changes, so a 40-second wait is not necessary even with the extra security.
  9. avanpelt macrumors 68030

    Jun 2, 2010
    Translation of the article: It will be 2 to 3 years minimum before HomeKit becomes a viable technology for the vast majority of Apple's customer base. Forty seconds to unlock a door? The average person is going to say "screw that" and just continue to use a key. If my brand new Mac took 40 seconds to boot, that would be considered a problem.

    Truth be told, Apple should've been talking to chip makers and app developers behind the scenes for at least another year or two before they announced HomeKit to the public. This "just get something shipped and we'll fix it later but we're going to present this new thing at the keynote as if it's ready for prime time and it's groundbreaking" approach that Apple seems to be taking more and more these days is getting old.
  10. reallynotnick macrumors 6502a

    Oct 21, 2005
    Downside to a traditional key is it will take someone less than 5 seconds to bump the lock open. (Of course there are more complex locks out there, just they are rarely used)

    But yes they will for sure have to sped up the process, but I'm glad they are paying attention to the details and making it secure from the start.
  11. Mike MA, Jul 22, 2015
    Last edited: Jul 22, 2015
  12. avanpelt macrumors 68030

    Jun 2, 2010
    If someone wants to break into your house, a door lock that is controlled using enhanced bluetooth encryption is not going to stop them.

    All these HomeKit-enabled locks do is allow you to do is control the lock with your phone or tablet. I haven't seen any bluetooth-enabled lock on the market that purports to be more effective than a traditional keyed lock at preventing a break-in. If someone wants to destroy a lock to get into your house, they'll do it whether you have a $20 traditional keyed lock or a $200 HomeKit-enabled lock.

    These "internet of things" devices as we know them today are primarily about convenience, not primarily about having additional physical security above and beyond what traditional, non-connected products offer. Don't get me wrong, I have a house full of Insteon products and I am a big believer in "connected" stuff in the home. That said, I recognize that my use of Insteon products is primarily due to their convenience. I like to think that my use of said products makes my home more secure, as well; but in reality, I know that I just have a fascination with technology and being able to control things in my home from across town or from thousands of miles away is pretty cool.
  13. WordsmithMR macrumors 6502


    Mar 17, 2015
    This allows for an attacker to catch up to you... May not seem like something that could happen in a neighborhood with a house using tech like this... But those are the neighborhoods that this happens.
  14. 2457282 Suspended

    Dec 6, 2012
    I have been impatiently waiting for Hue to get it together and gent on the Homekit bandwagon. If the delay is due to security as stated here then I guess I will be a bit more patient. I would hate for someone to hack in and turn off the lights when I am in the shower or something. :D

    Seriously though, I totally support security. This is important.
  15. bookwormsy macrumors 6502

    Jul 7, 2010
    Agreed. I see nothing wrong with emphasizing security when it comes to my house. When you look at all of the IP cameras that are totally exposed and have been for years, it's scary to imagine that your lock could be as exposed.

    Plus since it's Apple, people are going to be thoroughly vetting their security, independently. .
  16. currocj macrumors regular

    Jul 8, 2008
    A thermostat delaying 40 seconds, on the other hand, is no problem at all
  17. xraydoc macrumors demi-god


    Oct 9, 2005
    I have a house full of connected equipment - z-wave enabled deadbolts, Hue/GE/Cree light bulbs, Lutron Caseta dimmer switches, Nest thermostat, cameras and smoke detectors, etc.

    A determined thief is not going to be stopped by any of it (though his picture will most certainly be captured by one at least one of the several cameras). Who needs to electronically hack a deadbolt when there's a bunch of windows that are much easier to physically get through...?

    A professionally-monitored ADT alarm system, independent from the rest of the connected-home equipment, is the main deterrent. Loud klaxons drawing lots of attention - plus a call to the near-by police station - should be a potential burglar's main concern.
  18. longofest Editor emeritus


    Jul 10, 2003
    Falls Church, VA
    Security first absolutely, but did you read the insane requirements?

    Elliptic Curve and 3072 bit keys... What are we guarding against, quantum computers? What's wrong with good old AES 256?
  19. jdillings macrumors 68000

    Jun 21, 2015
    Security is overrated just ask Microsoft and Adobe
  20. tillsbury macrumors 65816

    Dec 24, 2007
    The question is: does Ashley Madison's server know you've gone out?
  21. iMacDragon macrumors 68000


    Oct 18, 2008
    This is something I really don't understand, that most door locks are so crappy, when there's far better options available.

    Basically every door lock in finland for example is unbumpable, and very hard to pick.
  22. avanpelt macrumors 68030

    Jun 2, 2010
    I don't know if the encryption requirements are the culprit, but I do know that one of the few HomeKit-enabled devices I've been following that's available now -- the Insteon Hub Pro -- is being absolutely trashed by the majority of reviewers as being unreliable when it comes to using HomeKit's features to control Insteon devices -- which is the only real selling point of the "Hub Pro".

    It seems to me that HomeKit now is half-baked much like Apple Maps was when it launched. I'm sure there's a lot of blame to go around -- from Apple to app developers, to hardware makers. In the end, though, HomeKit is Apple's baby. They're the ones who decided to tell the world about it over a year ago and make it appear as though HomeKit was going to revolutionize our homes in relatively short order. Like Apple Maps a few years ago, I think Apple pulled the trigger and unveiled HomeKit to the world way before they should have.
  23. mw360 macrumors 65816


    Aug 15, 2010
    But this gear isn't like buying an iPhone that I'm going to toss in two years. If I install locking and lighting and heating systems deeply embedded into my house, I'm going to want at least some of that stuff to last thirty years. Folks are installing solar panels, LED lighting, boilers etc. which don't pay for themselves for at least 10, 15, 20 years. Whatever protocols they design now, really have to last for a very very long time. Home automation isn't going to work if Apple pull their usual stunt of forcing us to upgrade all our hardware on their schedule. Futureproofing their security is a promising suggestion that they won't.
  24. Zxxv macrumors 68040

    Nov 13, 2011
    All that does is annoy neighbours and anyone walking past, neither of which comes running to help or see what the commotion is. ;)
  25. rdlink macrumors 68040


    Nov 10, 2007
    Out of the Reach of the FBI
    [QUOTE="xraydoc, post: 21623524, member: 59619"...A professionally-monitored ADT alarm system, independent from the rest of the connected-home equipment, is the main deterrent. Loud klaxons drawing lots of attention - plus a call to the near-by police station - should be a potential burglar's main concern.[/QUOTE]

    Actually, this is just as much of a deterrent, and much, much cheaper...

Share This Page

48 July 22, 2015