back to article Apple's chip, firmware security demands behind HomeKit delays

Wondering where all the Apple HomeKit products are? Well, here's an explanation: Apple is forcing internet-of-things companies to fit Apple-certified chips and firmware in their gadgets if they are to work with the HomeKit platform. That means, in a lot of cases, engineers must effectively redesign their products to …

  1. x 7

    cloud-operated doorlocks

    just perfect for the man with nothing to fear from the feds in the night

    1. Chris King

      Why worry ?

      The crims will have helped themselves to everything long before the federales turn up.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why worry ?

        I am not worried about what the Federales take, I am worried about what they plant before they show up with a legitimate Search Warrant.

    2. Anonymous Coward
      Anonymous Coward

      bring on the fanboi hurt

      The best part is taking out a second mortgage to pay for everything because this after all is Apple we are talking about.

  2. harmjschoonhoven
    Flame

    What could possibly go wrong with Apple's super-secure Homekit?

    "Siri! turn on, kettle"

    .... .... sssssssssssss Bang!

    "Siri! turn off, kettle"

    "Siri! put water in kettle"

    Nooo, not in the smart-socket.

    Yes officer, the frontdoor opens if you touch 12345 on your iPhone.

  3. Hud Dunlap
    Unhappy

    More things to buy

    "Its new approach requires an AppleTV to work as a central hub,"

    I take it that means a newer Apple TV than the one I have.

    1. Anonymous Coward
      Anonymous Coward

      Re: More things to buy

      Sorry but you have to keep current on your dues to the hipster club. Pretty pathetic that Linux will support your kit long after Apple stops.

    2. Richard Jones 1
      WTF?

      Re: More things to buy

      Why worry?

      It is just a way to sell more Apple branded items to support an alleged 'need' I for one do not have using a device I will never want and never use.

      It is like all the wonderful steps they have taken so far, they are selling snake oil to those who buy dreams. To those not in their club they are close to or less than nothing.

      I have never owned anything Apple, never missed anything Apple and will never want anything Apple, so for me it is of no interest.

      Some home automation could have very limited value, but note the words 'home automation'. I don't want, don't need and have no use for a so called smart phone so why buy a smart phone extension from any source?

      A remote to control in home thermostats, might replace legs one day - the old ones are getting old, but probably by then the need, interest and the capability to care or understand will have gone.

      1. Anonymous Coward
        Anonymous Coward

        Re: More things to buy

        >I don't want, don't need and have no use for a so called smart phone

        Wow I guess even my now somewhat elderly dad has an El Reg account now. No wait even he finally bought one. Congrats you are that guy.

    3. Dan 55 Silver badge
      Meh

      Re: More things to buy

      Oh, I thought you were going to say "I take it that means I've got to buy an Apple TV". Has anyone actually seen one in the wild?

  4. x 7

    don't worry - once you replace it you won't have to do it again for another two years

  5. W Donelson

    At least someone is paying attention to security.

    1. Teiwaz Silver badge
      Coat

      Industries jumping through apples hoops

      I kind of feel they probably should have agreed a set of security and interoperability protocols among themselves long ago, something using an agreed upon open standard maybe, then apple might have had to sing/dance to their tune.

      Of course, they were gazing ahead with IP-dealistic dreams into the future with euro/dollar/pound-signs in their eyes...

      Now we'll never see the apple dance to music not their own...

      Sorry, I'm drunk

    2. Palpy

      Yes. Trying, at least.

      On one side we have fearless advocates of connecting everything to the IoT, including the local nuke plant. On the other side, we have fearful sec bods saying IoT is woefully insecure. From 2014:

      "HP says 70% of tested IoT devices don't encrypt Internet and local network communications, with half of their applications lacking transport encryption. For 60% of devices, manufacturers haven't ensured that software updates are downloaded in a secure manner, in some cases enabling attackers to intercept them.... As far as Web interfaces are concerned, six of the ten products are plagued by persistent cross-site scripting (XSS) vulnerabilities, easy-to-guess default credentials, and poor session management. Flaws in the cloud and mobile apps of 70% of devices can be exploited to determine valid user accounts through the password reset feature or account enumeration."

      And of course you don't get secure devices by leaving vendors to, er, their own devices. You enforce compliance. Lock 'em out if they can't comply.

      So yes: at least Apple is TRYING to take a firm line on security.

      1. Anonymous Coward
        Unhappy

        Re: Yes. Trying, at least.

        You do know you can have security without propriety hardware and software?

        1. Palpy

          Re: security without proprietary hardware and software

          Sure, of course. The point is with respect to IoT gear is that every study I've read shows that manufacturers are NOT making secure devices. So if Apple doesn't want HomeKit to be insecure they -- yes, exactly -- have to enforce security from the top down. If you're interested in the topic, search on "IoT device security reports" or similar.

        2. gnasher729 Silver badge

          Re: Yes. Trying, at least.

          No security if the manufacturer can get away with it. Apparently with HomeKit, they can't. No security, no HomeKit sales.

  6. DerekCurrie
    Go

    If Apple's Obsessive Compulsive Security Mandates Pay Off...

    .. Then Apple will effectively RULE the Internet of Things. So far, the security in IOT devices has been almost utter crap, making the venture dangerous and detrimental. Bravo if Apple can pull this off! Grin and bear it through the bleeding edge everyone. (^_^)

  7. Kevin McMurtrie Silver badge
    Stop

    Apple's landfill chip

    This all sounded good until the iCloud part. That's an unacceptable instability, unacceptable risk of leaked personal information, unacceptable planned obsolescence, and unacceptable single point of attack for all HomeKit devices. The irony is that entirely depending on iCloud makes them exactly the opposite of cloud devices. This is classic client-server pairing with a proprietary protocol. There will come a day when Apple says your HomeKit devices are no longer supported - maybe before the warranties are up.

    1. Dan 55 Silver badge

      Re: Apple's landfill chip

      Not forgetting that iCloud is up and down like a tart's knickers. Are my heating and locks going to suddenly stop working when iCloud has had a funny turn again?

      Well, I say my heating and locks but I won't be touching this with a bargepole. I mean the fool who buys this' heating and locks.

      1. g e

        Re: Apple's landfill chip

        iCloud

        iSilo

        FTFY

  8. Mark 65

    Hmmm

    "all data from HomeKit products runs through Apple's iCloud"

    No thanks.

  9. msknight Silver badge

    So...

    Is, "open" the new, "closed," or is, "closed," the new, "open?"

    1. Anonymous Coward
      Unhappy

      You can do anything you want, so long as you do exactly as we say and to our design specs.

  10. Will 20

    Seems Apple are being very sensible. None of the manufacturer's name is on the kit. It's APPLE Home kit. You are entrusting APPLE with your home automination. Apple will be selling it to their customers and will be getting the shit if it goes wrong.

    1. Brenda McViking

      They're being sensible insofar as they realise that security will come back to bite them if they don't do something, and that currently, the lack of IoT security is a disaster waiting to happen.

      But being apple, what they do is lock-in, walled garden, proprietary protocols, extorsion of suppliers, give the middle finger to developing open standards, and try and put it all through their oh-so-infallible cloud that-isn't.

      It really probably will kickstart IoT, because I'm just thinking who the hell would be moronic enough to buy this stuff? Which ties in exactly to the obligatory xkcd.

  11. Anonymous Coward
    Anonymous Coward

    Is the chief scientist on the project Dr Charles Forbin ?

  12. Irongut

    "give a device a name - like, say, "kettle" for a smart-socket connected to an electric kettle. So saying "turn on, kettle" into your iPhone would result in your kettle turning on."

    Except it won't. The socket the kettle is connected to will turn on but someone will still need to walk into the kitchen to turn the actual kettle on.

    1. d3vy

      "someone will still need to walk into the kitchen to turn the actual kettle on."

      In that case you'll want the new iKettle.

  13. Chris 155

    Worst Case Scenario, Really?

    The worst case scenario is that someone will "hack" your door lock?

    As if they can't enter your house in about 3 seconds with a brick.

    1. Kevin McMurtrie Silver badge

      Re: Worst Case Scenario, Really?

      Somebody wasting their time hacking my WiFi and LAN all day would not be so bad. I'd probably notice it and power everything off before it finished. iCloud integration possibly enables silently hacking millions of devices at once and then selling access to anyone on demand. Just search the Internet for "icloud hacked" if you're not worried yet. At the very least, iCloud seems easy to knock offline.

      I don't recommend anyone enter my house using a brick. The dog won't like it.

      1. Anonymous Coward
        Anonymous Coward

        Re: Worst Case Scenario, Really?

        and my .223 gets really anxious when someone shows up unannounced in my living room. So does the Mossberg 500!

        Neither can be bribed with food or poisoned like a dog.

  14. Oli 1

    "customers were not happy when they discovered they would have to buy a whole new product for it to work with HomeKit."

    Ccannot stop laughing, if you are stupid enough to go in for Apples abuse you deserve everything you get

  15. SImon Hobson Silver badge

    As per some of the earlier comments - enforcing security=good.

    But this is enforce security in Apple's way, in a way that requires Apple kit to work, won't interoperate with anything else, and will become obsolete when Apple decide it is obsolete - which you can absolutely guarantee from past experience will not be when the hardware is very old. That's a crapload of negatives - but as also said, it'll probably sell because ... well it's Apple isn't it.

    So overall I reckon this is at least as bad for the market as it is good. Apple could have mandated security standards, supported the manufacturers in that, and still supported interoperable and open standards. But this is Apple, so they do what they do best - build in non-standards to lock out the rest of the market.

    I, for one, won't be buying any of it.

  16. razorfishsl

    It's the 'direct connection' to apple for EVERY device, that clearly shows what they are up to.

    They want no 'black boxes' in your privacy, they need every ounce of information so they can clearly profile you.

    So you used 300 gallons of water this month, on what?

    By getting into every item directly, they get a breakdown on that figure.

    I love home automation, but I'm not about to allow some tosser like apple to get a direct encrypted datalink to every installed device in my home.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021