Sunday, October 30, 2016

HomeKit’s Stringent Security Requirements

Aaron Tilley (in 2015, via John Gruber):

Apple allows for either WiFi or Bluetooth low energy (LE)-enabled devices to get certified as a HomeKit accessory. Apple is requiring device makers using both WiFi and Bluetooth LE to use complicated encryption with 3072-bit keys, as well as the super secure Curve25519, which is an elliptic curve used for digital signatures and exchanging encrypted keys.

[…]

Another source who requested anonymity to protect his relationship with Apple said lag times reached 7 minutes when his company’s device tried to use the HomeKit protocol through Bluetooth LE. According to the source, chipmakers like Broadcom BRCM +% and Marvell are revamping their Bluetooth LE chips to better handle the level of encryption required by Apple.

[…]

All of this pain, however, could be a boon for the smart home industry, especially on the security side. The industry has had to contend with a reputation for lackluster security.

Comments RSS · Twitter

Leave a Comment