HomeKit’s Stringent Security Requirements
Aaron Tilley (in 2015, via John Gruber):
Apple allows for either WiFi or Bluetooth low energy (LE)-enabled devices to get certified as a HomeKit accessory. Apple is requiring device makers using both WiFi and Bluetooth LE to use complicated encryption with 3072-bit keys, as well as the super secure Curve25519, which is an elliptic curve used for digital signatures and exchanging encrypted keys.
[…]
Another source who requested anonymity to protect his relationship with Apple said lag times reached 7 minutes when his company’s device tried to use the HomeKit protocol through Bluetooth LE. According to the source, chipmakers like Broadcom BRCM +% and Marvell are revamping their Bluetooth LE chips to better handle the level of encryption required by Apple.
[…]
All of this pain, however, could be a boon for the smart home industry, especially on the security side. The industry has had to contend with a reputation for lackluster security.
