HomeKit, Apple’s platform for the connected home, sounds terrific on paper. In reality, HomeKit is like CarPlay, another Apple platform plagued with slower than expected rollout.
There are currently only five HomeKit-compatible accessories on the market: the Ecobee3, Elgato Eve, iHome iSP5 SmartPlug, Insteon Hub and Lutron Caseta Wireless Lighting Starter Kit.
A new report alleges that wider HomeKit adoption is being held back by Apple’s stringent encryption requirements. Apparently, Bluetooth chips currently available on the market and certified for HomeKit just can’t handle Apple’s super strong encryption without degrading the experience.
As Forbes reported Wednesday, Apple imposes a high level of encryption on HomeKit accessory makers in order to prevent eavesdropping and protect the privacy of its users. Apple’s focus on privacy, however, has created unacceptable levels of lag in prototype Bluetooth products whose chips have sub-par processing capability.
In one example, a prototype Bluetooth sensor by Elgato, one of HomeKit backers, was taking up to 40 seconds to determine if a door was open or closed. An anonymous source said lag times reached an unbelievable seven minutes when another prototype device tried to use the HomeKit protocol through Bluetooth LE.
For what it’s worth, Elgato has found a workaround for Bluetooth LE encryption woes by tweaking the firmware and adding additional on-chip memory to handle the encryption.
Fortune said in May that Apple delayed HomeKit until fall because the code base “blew up” as it required way too much memory for battery-powered devices, prompting Apple to go back to the drawing board to “shrink the code back down to size.”
That HomeKit code documentation is “shifting” isn’t helping either.
“One HomeKit developer said it really didn’t seem like Apple was working on the HomeKit code until after the launch of the Apple Watch,” Forbes writes. Another source said the HomeKit code didn’t even get to a point until a couple months ago where it was ready for device makers to start sending in their products to Apple for certification.
“This is one of those things that Apple does,” another source told the publication. “They force an issue. It’s like that here. Regular Bluetooth has an issue — it’s not secure.”
Diogo Monica, a security lead at Docker and an IEEE security expert, called Apple’s security protocols “bleeding edge,” but cautioned that Bluetooth LE wasn’t really built for security.
“Bluetooth is not designed to be secure,” said Monica. “I would not rely on the base layers of the protocol to provide security.”
Anyways, the processing requirements imposed by the high levels of Apple-mandated encryption should be addressed by next-generation Bluetooth chips by Broadcom and Marvell, which will be re-engineered to better handle Apple’s encryption requirements.
Apple is also well aware of these problems, said the source.
In the meantime, it may be a good idea to pass on the first wave of HomeKit products until these issues get sorted out. I mean, a smartlock that makes you wait 40 seconds before it opens is useless.
I certainly don’t expect HomeKit accessory to exhibit a noticeable lag.
While Apple should be definitely commended for taking privacy seriously, folks at Cupertino should’ve thought twice before certifying Bluetooth chips that lack the required oomph to handle 3,072-bit encryption keys, especially given it’s been more than a year since HomeKit was first introduced.
In addition to super strong 3072-bit keys, Apple also requires that Wi-Fi and Bluetooth HomeKit devices support the secure Curve25519 protocol, basically an elliptic curve used for digital signatures and exchanging encrypted keys.
With iOS 9, Apple is introducing more HomeKit enhancements such as new types of sensors like windows shades, carbon monoxide sensors, motion sensors and dedicated security systems, while bringing out the ability to remotely control HomeKit hardware through iCloud.