Apple's chip, firmware security demands behind HomeKit delays Wondering where all the Apple HomeKit products are? Well, here's an explanation: Apple is forcing internet-of-things companies to fit Apple-certified chips and firmware in their gadgets if they are to work with the HomeKit platform. That means, in a lot of cases, engineers must effectively redesign their products to …
Why worry?
It is just a way to sell more Apple branded items to support an alleged 'need' I for one do not have using a device I will never want and never use.
It is like all the wonderful steps they have taken so far, they are selling snake oil to those who buy dreams. To those not in their club they are close to or less than nothing.
I have never owned anything Apple, never missed anything Apple and will never want anything Apple, so for me it is of no interest.
Some home automation could have very limited value, but note the words 'home automation'. I don't want, don't need and have no use for a so called smart phone so why buy a smart phone extension from any source?
A remote to control in home thermostats, might replace legs one day - the old ones are getting old, but probably by then the need, interest and the capability to care or understand will have gone.
I kind of feel they probably should have agreed a set of security and interoperability protocols among themselves long ago, something using an agreed upon open standard maybe, then apple might have had to sing/dance to their tune.
Of course, they were gazing ahead with IP-dealistic dreams into the future with euro/dollar/pound-signs in their eyes...
Now we'll never see the apple dance to music not their own...
Sorry, I'm drunk
On one side we have fearless advocates of connecting everything to the IoT, including the local nuke plant. On the other side, we have fearful sec bods saying IoT is woefully insecure. From 2014:
"HP says 70% of tested IoT devices don't encrypt Internet and local network communications, with half of their applications lacking transport encryption. For 60% of devices, manufacturers haven't ensured that software updates are downloaded in a secure manner, in some cases enabling attackers to intercept them.... As far as Web interfaces are concerned, six of the ten products are plagued by persistent cross-site scripting (XSS) vulnerabilities, easy-to-guess default credentials, and poor session management. Flaws in the cloud and mobile apps of 70% of devices can be exploited to determine valid user accounts through the password reset feature or account enumeration."
And of course you don't get secure devices by leaving vendors to, er, their own devices. You enforce compliance. Lock 'em out if they can't comply.
So yes: at least Apple is TRYING to take a firm line on security.
Sure, of course. The point is with respect to IoT gear is that every study I've read shows that manufacturers are NOT making secure devices. So if Apple doesn't want HomeKit to be insecure they -- yes, exactly -- have to enforce security from the top down. If you're interested in the topic, search on "IoT device security reports" or similar.
.. Then Apple will effectively RULE the Internet of Things. So far, the security in IOT devices has been almost utter crap, making the venture dangerous and detrimental. Bravo if Apple can pull this off! Grin and bear it through the bleeding edge everyone. (^_^)
This all sounded good until the iCloud part. That's an unacceptable instability, unacceptable risk of leaked personal information, unacceptable planned obsolescence, and unacceptable single point of attack for all HomeKit devices. The irony is that entirely depending on iCloud makes them exactly the opposite of cloud devices. This is classic client-server pairing with a proprietary protocol. There will come a day when Apple says your HomeKit devices are no longer supported - maybe before the warranties are up.
Not forgetting that iCloud is up and down like a tart's knickers. Are my heating and locks going to suddenly stop working when iCloud has had a funny turn again?
Well, I say my heating and locks but I won't be touching this with a bargepole. I mean the fool who buys this' heating and locks.
They're being sensible insofar as they realise that security will come back to bite them if they don't do something, and that currently, the lack of IoT security is a disaster waiting to happen.
But being apple, what they do is lock-in, walled garden, proprietary protocols, extorsion of suppliers, give the middle finger to developing open standards, and try and put it all through their oh-so-infallible cloud that-isn't.
It really probably will kickstart IoT, because I'm just thinking who the hell would be moronic enough to buy this stuff? Which ties in exactly to the obligatory xkcd.
"give a device a name - like, say, "kettle" for a smart-socket connected to an electric kettle. So saying "turn on, kettle" into your iPhone would result in your kettle turning on."
Except it won't. The socket the kettle is connected to will turn on but someone will still need to walk into the kitchen to turn the actual kettle on.
Somebody wasting their time hacking my WiFi and LAN all day would not be so bad. I'd probably notice it and power everything off before it finished. iCloud integration possibly enables silently hacking millions of devices at once and then selling access to anyone on demand. Just search the Internet for "icloud hacked" if you're not worried yet. At the very least, iCloud seems easy to knock offline.
I don't recommend anyone enter my house using a brick. The dog won't like it.
As per some of the earlier comments - enforcing security=good.
But this is enforce security in Apple's way, in a way that requires Apple kit to work, won't interoperate with anything else, and will become obsolete when Apple decide it is obsolete - which you can absolutely guarantee from past experience will not be when the hardware is very old. That's a crapload of negatives - but as also said, it'll probably sell because ... well it's Apple isn't it.
So overall I reckon this is at least as bad for the market as it is good. Apple could have mandated security standards, supported the manufacturers in that, and still supported interoperable and open standards. But this is Apple, so they do what they do best - build in non-standards to lock out the rest of the market.
I, for one, won't be buying any of it.
It's the 'direct connection' to apple for EVERY device, that clearly shows what they are up to.
They want no 'black boxes' in your privacy, they need every ounce of information so they can clearly profile you.
So you used 300 gallons of water this month, on what?
By getting into every item directly, they get a breakdown on that figure.
I love home automation, but I'm not about to allow some tosser like apple to get a direct encrypted datalink to every installed device in my home.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
