GetConnected logo

Apple Goes All-In On HomeKit Privacy


With some recent surprise announcements, Apple is positioning itself as the smart home platform for privacy-conscious consumers. Here’s what you need to know as an IoT developer.

Apple went big on privacy at this year’s Worldwide Developer Conference (WWDC), its annual get-together for developers working within the Apple ecosystem.

Features like “Sign-in with Apple” and a new fork of iOS for iPad grabbed the consumer headlines, but it’s the HomeKit features we’re especially interested in. Some feel Apple has been neglecting HomeKit for a while now, but these surprising announcements show an awful lot has been happening behind closed doors. The end result remains to be seen but is arguably the most secure and robust smart home solution for IoT devices.

Addressing security at router level

Some IoT devices suffer from a poor security reputation especially in the consumer space. Stories such as a casino being hacked through a connected fish tank or the recent allegations that Amazon employees listen in and share conversations people had with their Alexa smart speaker system don’t do much to help matters.

Developers attending this year’s WWDC weren’t expecting much, if anything, of HomeKit. Instead, Apple has decided to address the security concerns of the smart home at router level.

New routers that support HomeKit will in the future be firewall connected HomeKit devices. If one of them is attacked, the rest of the devices on the network are not compromised.

Read more: Why secure solutions are essential for home automation

Given Apple’s closed system, HomeKit devices are already considered some of the most secure in the smart home space. It will be interesting to see the precise details of the technical implementation, such as how user’s control devices (e.g. iPhone) will work with the firewalled accessories.

According to early news reports, the first such routers will be launched by Linksys, Euro, and ISP’s like Charter Spectrum later in 2019.

Shortcuts to build powerful behaviour scenarios

Another powerful new feature is shortcuts, which allows devices to trigger actions and events between themselves. This presents many different interesting and exciting scenarios, and is a step towards finally putting the smart into the smart home.

Such a scenario might involve the opening of door locks triggering coffee makers, home entertainment, or maybe even preparing a bath, who knows.

As an aside, the shortcuts concept of events that trigger other events autonomously has always been an integral feature of Nordic’s nRF51 and nRF52 Series SoCs. An event on the radio or an interface or peripheral can trigger events on other elements in the SoC without the need for any CPU intervention. Quite complex task sets can be created by daisy-chaining events and triggers together.

Separating home devices from the surfing, streaming and the cloud

It is an interesting and very logical move to separate out devices on the home network and keep them walled off from personal devices such as PCs and smartphones and the like.

Devices such as lights are built at a much lower cost, with devices and systems that don’t have the security resources of something like an iPhone. This can make them the target for hackers wanting to hack from afar due to their perceived greater vulnerability when permanently online to the internet.

The new HomeKit security enhancements will allow devices to remain only locally networked if desired with no cloud connection in place. This may well be the most desirable outcome for 99% of operations. Cloud connectivity can be achieved via a secure router gatewaying in only signed certificate firmware updates, and the occasional remote user control. Other than that, it operates as a walled network.

A more private video experience

Apple also announced HomeKit Secure Video, which analyses videos from smart home devices such as security cameras or webcams locally, before encrypting and uploading them to iCloud. Craig Federighi, Senior Vice President of software engineering, announced the development onstage:

“Most home cameras today send people’s video up to the cloud so it can be analysed to tell the difference, for example, between a leaf blowing in the wind and someone at your door. Unfortunately, this risks your privacy, but we have a new way. HomeKit has been designed from the outset to protect privacy and security in your home accessories.”

What this means in practice is that for video from compatible webcams, all the data analysis will be performed locally on a device such as an iPad, HomePod or AppleTV. Up until now other produces have sent video to the cloud for analysis before any action is taken.

The interesting aspect here for IoT developers is that Apple will store saved video files from HomeKit-enabled cameras to iCloud, giving users up to ten days to review them. The files will be encrypted and no-one at Apple will be able to review them.

What is interesting to note for IoT developers and especially hardware manufacturers are that this video storage will not count against the existing storage limits from a user’s iCloud account. Assuming the sales of HomeKit-enabled cameras take off and users take advantage of this service, that’s bad news for the likes of Nest and Netgear that charge a monthly fee for similar storage.

Of course, not all hardware manufacturers are going to support the HomeKit API. It will make for an interesting economic decision for many companies.


New call-to-action