DDoS attack: Apple’s HomeKit for a safer smarthome

Convenience demands vigilance


Philip K Dick saw the future when he wrote Ubik in '69, a place in which artificially intelligent infrastructure took control. Today we are building the Internet of Things, and the recent massive DDoS attack in which DVRs and connected cameras made by Hangzhou Xiongmai Technology were subverted to create a giant attack on the Internet is not an exception, but a warning of what to expect.

Warning signs

Two years ago I warned you this could happen. I cited an HP Fortify survey that warned around 70 percent of connected devices were vulnerable to attack.

The Hangzhou Xiongmai Technology botnet tells us these attacks have now begun. This is serious stuff.

Poorly protected connected devices are all some hackers need to climb inside your network, bank account, home, personal and professional life, even the Internet itself. You have been warned.

Question different

As a consumer you are responsible for the security of your connected home. This means that when purchasing connected devices you shouldn't just read the large print evangelizing the solution, but also read the small print. You must ask questions like:

  • What security protection exists on this device?
  • How can I set passwords? How secure are these?
  • What happens to data about me gathered by this system?
  • Where is that data stored?
  • In which country is it stored, and what data protection exists in that location and on the journey to that location?
  • Who can access this information?
  • How can I control the information that is shared about me?
  • How can I delete information I do not choose to share, or no longer wish to share?

The bottom line is that consumers need to know the bottom line. If the security protection inside the devices that broke the Internet last week had been robust, and understood, then the attack would have failed. It makes things no better that we do not know if the Chinese firm involved also makes devices sold elsewhere under different brand names. How can we stop such attacks happening again if we don't know which products we need to take offline?

Apple's better way

Apple has spent time thinking this through. This is why it insists devices sold as being compatible with HomeKit implement tough security and privacy protections. These include end-to-end encryption, secure chips, and a range of other security measures. Apple wants you to know that when you do use HomeKit kit you are less likely to be attacked, or to see information about you subverted in unexpected ways.

The benefits of this approach are tangible. Your kettle is unlikely to start emailing you advertising; your fridge probably won't be distributing fizzy drink and factory-farmed burger discount codes to your children, and hackers won’t be breaking into your bank account or home. Even with Apple, the connected age demands constant vigilance: you need to keep products updated and secure. However, unlike some others in the space, Apple wants to make it easy for you to do so.

Apple’s insistence on such protection is why the HomeKit ecosystem has been slow to proliferate. Manufacturers just want to rush products to market as cheaply as possible, and hang the consequences. That’s why the security problems that enabled the Mirai attack exist.

Privacy matters

There is also the question of data ownership. Lots of people want access to data gathered by connected devices, but they don’t want you to control their access to it, as UK MP Chi Onwurah notes here.

Despite strong resistance from the pro-surveillance elements of government, Apple’s approach to this is to gather as little data about you as possible, which is another reason some manufacturers have been slow to adopt HomeKit. The end result is that if you want to avoid future DDoS attacks on your Internet infrastructure (or energy infrastructure, come to that) you’d best choose HomeKit support in your connected home.

Got a story? Drop me a line via Twitter or in comments below and let me know. I'd like it if you chose to follow me on Twitter so I can let you know when fresh items are published here first on Computerworld.

Copyright © 2016 IDG Communications, Inc.
