Skip to main content

Apple’s tough security requirements for Bluetooth LE are delaying HomeKit roll-out, say manufacturers

If you were wondering why manufacturers seemed to be rather slow in launching HomeKit-compatible devices, it may all be down to Apple’s stringent security requirements. Forbes reports that manufacturers are finding it hard to incorporate the extremely secure encryption standards demanded by Apple in order to achieve MFi certification for their products.

Apple is requiring device makers using both WiFi and Bluetooth LE to use complicated encryption with 3072-bit keys, as well as the super secure Curve25519, which is an elliptic curve used for digital signatures and exchanging encrypted keys.

While mains-powered WiFi kit is coping, the processing workload in battery-powered Bluetooth LE devices is leading to extremely slow response times, say manufacturers … 

Elgato said that its first attempt to implement the security standards in a Bluetooth-activated door lock resulted in the system taking a full 40 seconds just to determine whether the door was open or closed – an impossible timelag for a system designed to unlock automatically on approach.

Another manufacturer, which declined to be named, said that it saw processing times of up to seven minutes when using standard Bluetooth LE chips.

Elgato says that it solved the problem by tweaking the firmware and adding additional RAM, and that it will make its solution available to other manufacturers – at a price. Chipmakers Broadcom and Marvell are both said to be working on new Bluetooth LE chips able to handle the tougher processing requirements.

Security experts say that it is, however, good news. Bluetooth was originally designed with low-level security, and much concern has been expressed about the potential vulnerability of smart home devices if targeted by hackers. Diogo Monica, a security lead at Docker and an IEEE security expert, told Forbes that regular Bluetooth is “not secure” and it is in everyone’s interests that Apple is forcing the issue.

With the Internet of Things happening, I think Apple’s HomeKit standard enforcing manufacturers to adopt this standard is amazing for the final consumer.

The first HomeKit devices started shipping at the beginning of June, while many other manufacturers of smart home products say they won’t be launching until later in the year.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. This is good news; I’d rather they take their time perfecting and making security better rather than release insecure products to secure your house!

  2. Luis Alejandro Masanti - 9 years ago

    That’s one of the things I appreciate of Apple: They risk ‘bad press’ (not your case) and ‘delays’ to ‘make it right’!
    Once the device/protocols are out there… the weakest link always will break… will be break!

  3. lkernan - 9 years ago

    The problem with most manufacturers is that they will use this super secure Bluetooth, then leave a serial terminal wide open somewhere else…

    • nelson1112233 - 9 years ago

      And you think they will get “made for iPhone” certification?

  4. lkrupp215 - 9 years ago

    Manufacturers can’t be bothered with security. Get the product out the door and deal with it later. News at eleven. Kudos to Apple for holding their feet to the flame.

    • Luis Alejandro Masanti - 9 years ago

      With all due respect, what you said is what happened to some many products that then can’t be fixed.
      Better to get it right from the start that delivering it soon.

      • chickenandporn - 9 years ago

        seems like you guys are agreeing: get it right from the start, and thanks to any company that highlights the desired behavior as a carrot for improving.

        That’s a subtle side element here: the certification has value, and currently it’s an elite group, so there is benefit to a company for coming up to par, hence it’s a carrot, not a stick.

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications