Apple's Strict Bluetooth LE Security Requirements Slowing Rollout of HomeKit Accessories

Wednesday July 22, 2015 11:08 AM PDT by Joe Rossignol
HomeKit iPhone 6While it has been more than a year since Apple launched HomeKit, a software framework for communicating with and controlling light bulbs, thermostats, door locks and other connected accessories in the home, only five HomeKit-approved products have been released to date: the Ecobee3, Elgato Eve, iHome iSP5 SmartPlug, Insteon Hub and Lutron Caseta Wireless Lighting Starter Kit.

The slow rollout of HomeKit-enabled hardware accessories is not because of a lack of interest in the platform, but rather Apple's strict security requirements for Bluetooth LE (low energy) devices, according to Forbes. In particular, the strong level of encryption required to use the HomeKit protocol through Bluetooth LE has resulted in lag times that essentially render some accessories useless.
For example, a smartlock that makes its user wait 40 seconds before it opens is clearly inferior to a traditional lock. One of HomeKit’s selling point is that it provides a more reliable user experience, so these kinds of lag times will need to be sorted out before Apple can become a major platform for the smart home.
eve-elgato
Elgato Eve smart home sensors for doors, windows and energy consumption

Chipmakers such as Broadcom and Marvell have reportedly been working to improve their Bluetooth LE chips to more effectively handle Apple's level of encryption, an important step if the company wants to become a major player in the smart home. In the meantime, developers have either been focusing on Wi-Fi-based HomeKit hardware or working on temporary solutions to the problem.
For the time being, Elgato has found a workaround for these problems with Bluetooth LE. It’s tweaked the firmware and added additional on-chip memory to handle the heavy-duty encryption. Elgato was not anticipating having to go make these modifications initially, and now the company hopes to make a side business selling its tweaks to other device makers wanting to build HomeKit devices with Bluetooth LE.
HomeKit delays have also been attributed to "sparse and shifting" documentation and Apple's tedious certification process for its "Made for iPhone/iPad/iPod" (MFi) program. HomeKit accessory makers are required to send multiple prototypes of their products to Apple for testing, and the process can be lengthy until Apple is satisfied.

Apple's attention to detail and focus on security should prove worthwhile for customers, however, and the company has the size and reputation to enforce manufacturers to adopt those high standards. "This is one of those things that Apple does," a source working on a HomeKit device told Forbes. "They force an issue. It’s like that here. Regular Bluetooth has an issue — it's not secure."

Tags: HomeKit Guide, security, Bluetooth LE
48 comments


Top Rated Comments

(View all)
Avatar
myemailisjustin
52 months ago
rather wait 40 seconds than have it hacked over the internet...hello chrysler
Rating: 11 Votes
Avatar
BMcCoy
52 months ago
Security first... efficiency later.

I'm okay with that.....
Rating: 10 Votes
Avatar
zorinlynx
52 months ago
This is one of those forward thinking things that will inconvenience us now but be worthwhile later.
Rating: 9 Votes
Avatar
unplugme71
52 months ago
I agree, with all the things being connected these days, its nice to have someone leading the industry with security in place. Unlike some car manufacturers out there!
Rating: 8 Votes
Avatar
avanpelt
52 months ago

Downside to a traditional key is it will take someone less than 5 seconds to bump the lock open.


If someone wants to break into your house, a door lock that is controlled using enhanced bluetooth encryption is not going to stop them.

All these HomeKit-enabled locks do is allow you to do is control the lock with your phone or tablet. I haven't seen any bluetooth-enabled lock on the market that purports to be more effective than a traditional keyed lock at preventing a break-in. If someone wants to destroy a lock to get into your house, they'll do it whether you have a $20 traditional keyed lock or a $200 HomeKit-enabled lock.

These "internet of things" devices as we know them today are primarily about convenience, not primarily about having additional physical security above and beyond what traditional, non-connected products offer. Don't get me wrong, I have a house full of Insteon products and I am a big believer in "connected" stuff in the home. That said, I recognize that my use of Insteon products is primarily due to their convenience. I like to think that my use of said products makes my home more secure, as well; but in reality, I know that I just have a fascination with technology and being able to control things in my home from across town or from thousands of miles away is pretty cool.
Rating: 4 Votes
Avatar
mw360
52 months ago

Security first absolutely, but did you read the insane requirements?

Elliptic Curve and 3072 bit keys... What are we guarding against, quantum computers? What's wrong with good old AES 256?


But this gear isn't like buying an iPhone that I'm going to toss in two years. If I install locking and lighting and heating systems deeply embedded into my house, I'm going to want at least some of that stuff to last thirty years. Folks are installing solar panels, LED lighting, boilers etc. which don't pay for themselves for at least 10, 15, 20 years. Whatever protocols they design now, really have to last for a very very long time. Home automation isn't going to work if Apple pull their usual stunt of forcing us to upgrade all our hardware on their schedule. Futureproofing their security is a promising suggestion that they won't.
Rating: 3 Votes
Avatar
rdlink
52 months ago
Agree with the other posts, and Apple's position. If the lock to my front door is going to be internet connected it damn well needs to be secure.
Rating: 2 Votes
Avatar
xraydoc
52 months ago
I have a house full of connected equipment - z-wave enabled deadbolts, Hue/GE/Cree light bulbs, Lutron Caseta dimmer switches, Nest thermostat, cameras and smoke detectors, etc.

A determined thief is not going to be stopped by any of it (though his picture will most certainly be captured by one at least one of the several cameras). Who needs to electronically hack a deadbolt when there's a bunch of windows that are much easier to physically get through...?

A professionally-monitored ADT alarm system, independent from the rest of the connected-home equipment, is the main deterrent. Loud klaxons drawing lots of attention - plus a call to the near-by police station - should be a potential burglar's main concern.
Rating: 2 Votes
Avatar
OldSchoolMacGuy
52 months ago
Security first. That's just fine.

Would rather have it slow rollout than people able to easily break into my place remotely.
Rating: 2 Votes
Avatar
avanpelt
52 months ago
Translation of the article: It will be 2 to 3 years minimum before HomeKit becomes a viable technology for the vast majority of Apple's customer base. Forty seconds to unlock a door? The average person is going to say "screw that" and just continue to use a key. If my brand new Mac took 40 seconds to boot, that would be considered a problem.

Truth be told, Apple should've been talking to chip makers and app developers behind the scenes for at least another year or two before they announced HomeKit to the public. This "just get something shipped and we'll fix it later but we're going to present this new thing at the keynote as if it's ready for prime time and it's groundbreaking" approach that Apple seems to be taking more and more these days is getting old.
Rating: 1 Votes
[ Read All Comments ]