The Register reports Apple is demanding hardware makers use HomeKit certified chipsets and specialized firmware for security reasons (also reported here). It observes that vendors are unhappy, complaining this increases costs and slows down design – but they should quit moaning and deliver secure solutions out of the box.
Right now they do not. That’s the information you get reading last year’s HP Fortify report, which told us hardly any of the solutions providers eager to get you to send a few hundred dollars in their direction had paid much attention to security affairs.
Age of stupid
Many existing connected Internet of Things (IoT) devices rely on no password or insecure passwords such as 1,2,3,4. Many are impossible for users to change – but provide a gateway into a person’s home network all the same.
"A couple of security concerns on a single device such as a mobile phone can quickly turn to 50 or 60 concerns when considering multiple IoT devices in an interconnected home or business,” said HP Fortify.
This is why you as a consumer should be able to rely on those platforms you choose to deploy in your smart home. You don’t want hackers accessing your bank account simply by packet sniffing traffic on your wireless network thanks to a subverted smart home appliance. And while manufacturers should care about customer security from day one, it’s clear that at this stage of the evolution of IoT they don’t.
Smart home device makers can cry as much as they like at Apple’s insistence they deliver the security our connected future requires. I say the onus is on them to deliver secure solutions out of the box.
The challenge isn’t just data security but data privacy.
You’d be surprise the number of IoT solutions developers who want to gather information about you (see if you can guess one such developer yourself).
HomeKit prevents this by insisting all data from HomeKit products goes through iCloud and is controlled by your Apple ID. Manufacturers don’t get any access to your private data.
This may mean little to you right now, but in the absence of adequate security and privacy safeguards, everything you do in your future smarthome will be hackable, monitored, tracked and shared.
Are you an extra?
Some may see this as a reasonable compromise in exchange for some kind of convenience, but I believe the consequences of this undermining of personal privacy will turn us all into bit part characters in a ghastly dystopian version of The Truman Show.
Please remember this in the days ahead as you read about all those poor manufacturers (cuddly consumer champions all) and their struggle to comply with ‘controlling’ Apple’s insistence they make their products secure. Recall this when considering the customary bad press Apple suffers as a result.
IoT device manufacturers should shut up and get on with it. If they are tech-savvy enough to build a connected device they should be savvy enough to have already understood the need to put security and privacy in their design briefs when they first sketched their connected teapot on the back of an envelope. That they did not do so reflects far more badly on them than it does on Apple.
We need Apple (and anyone else pretending to introduce a smarthome ecosystem) to ensure such protection. Otherwise we’ll all become extras in our own biographies. And that won’t do.
Google+? If you use social media and happen to be a Google+ user, why not join AppleHolic's Kool Aid Corner community and join the conversation as we pursue the spirit of the New Model Apple?
Got a story? Drop me a line via Twitter or in comments below and let me know. I'd like it if you chose to follow me on Twitter so I can let you know when fresh items are published here first on Computerworld.