What's special about Apple Homekit?

[NeverDie]

There was some interesting banter on the CastleHUB thread about Apple Homekit, but practically no information at all outside that thread.    I tried looking up Homekit on the internet, but it appears there's not yet much info available.  CEPro says Homekit is mainly a Siri interface to existing HA standards, such as z-wave (http://www.cepro.com/article/5_things_to_know_about_apple_homekit/).  Does that accurately sum it up, or is there more to  it than that?

 

[BLH]

I know Smartlabs is in the process of manufacturing a new HUB Pro and iOS app. For the Apple Homekit.

 

[jkmonroe]

There are two components to this - mFi licensed hardware devices, and the HomeKit API.  iOS apps use the HomeKit API to talk to the mFi licensed devices.  The Insteon Hub, for example, is mFi licensed and the Insteon iOS app uses the HomeKit API to talk to it.
 
In the other thread, pvrfan got it right.  There is very little chance that software programs will be able to integrate with HomeKit (as confirmed by the Indigo dev).
 
HomeKit isn't going to be compatible with Internet facing things, either, which includes devices on WiFi.  The only thing I am unclear on is the HomeKit Bridge, which is supposed to 'bridge' other devices, but what little I can find about it say that the bridged devices will also require mFi licenses.

 

[pvrfan]

Overview after last year's into:
http://www.cnet.com/news/apple-introduces-homekit-for-ios-8/
 
Links to more specific articles related to HomeKit (note the product announcements from CES 2015):
http://www.imore.com/homekit
 
Siri voice control is the sexy demo to get people excited about HomeKit.  The developer material, however, stresses that simplicity, security and reliability are critical.  All HomeKit accessories (garage door opener, thermostat, etc) are required to use an Apple-licenced chip that implements secure communication, even across the internet.  Apple is keeping its cards close to their chest but it is widely believed that the Apple TV will facilitate communication to/from the internet.  Your devices are not controlled by the cloud; your iPhone (or iPad) looks up the address of your AppleTV (much like a dynamic DNS service) and then relays the messages to/from your device through the Apple TV.  An Apple TV is itself an iOS device, after all.
 
"HomeKit" as announced at last year's WWDC is a software framework, included in iOS 8, that controls and interfaces with your devices.  iOS application developers are creating applications using HomeKit services.  Such developers got a simulator at last year's WWDC to help start writing apps while each of the hardware devices are being engineered.  Hardware manufacturers must be accepted into Apple's Made for iOS program to get access to implementation details and receive a licence for the chip.  There are strict non-disclosure agreements; violate them and MFi certification will be yanked.
 
It is widely expected that there will be considerably more info released at this year's WWDC in June.  Likely with an initial wave of products available for purchase.  That's speculation, though.  Apple has major initiatives going with video distribution (HBO Now), music streaming, CarPlay, etc.  Who knows what else may also be in the pipeline.  And, of course, the Apple Watch launch.  It is not impossible that HomeKit won't get much keynote time.  OTOH, there are sure to be a bunch of developer-oriented sessions.
 
Craig

 

[pvrfan]

I should expand about security a bit.  Security with existing home automation protocols ranges from good to non-existant.  HomeKit is designed to be secure from the get-go and built with hardware-assisted encryption in every device.  Looking at it from Apple's perspective, they can't do any less.  A major security breach via HomeKit would be enormously expensive to their brand (and market valuation).  Its also good for users.
 
I believe security is why bridges to other existing protocols are likely to be extremely limited.  Any device that currently needs/uses WIFI or BLE apparently is required to be re-engineered to be a full-fledged HomeKit accessory.  Only simple sensors and the like (Z-Wave, Zigbee,  others?) will be allowed to be bridged.  If Apple permitted other devices to be bridged (say a garage door opener) and it was compromised, HomeKit could get blamed.  Again, none of this is official from Apple but it does seem to make sense.
 
Craig

 

[Dean Roddey]

I'm not sure I actually see the benefit of the security. A secure system is only as strong as its weakest point, which is going to be the phone that they will de facto require as a client. Unless you have to log into the Homekit system every time you want to do something, and that login is separate from the one required to get into your phone, then your home automation system is only as safe as your phone is, right? Given that your phone is exposed to the entire outside world and taken outside the home and left lying around in various places and such, how actually secure is such a system? Given these systems (I don't think) be about customized user interfaces that limit what you can do, i.e. they'll just provide browseable, open access to any of your devices, once someone get into your phone they would have carte blanche basically.
 
What am I missing there?

 

[jkmonroe]

No disagreement, but same argument as if one were to get your passwords, or your keys, or your security disarm code, etc ...

It would be easier for someone to steal my BMW than my iPhone.

But I would assume that Apple will have a mechanism to disallow devices - linked to your Apple ID, of course.

 

[damage]

No disagreement, but same argument as if one were to get your passwords, or your keys, or your security disarm code, etc ...

It would be easier for someone to steal my BMW than my iPhone.

But I would assume that Apple will have a mechanism to disallow devices - linked to your Apple ID, of course.

 
the device to device communication may be "secure" but that's no guarantee the system is secure.  as Dean said, things are as secure as the weakest link. they might not even need your iphone, maybe only your apple password and then they have the keys to the kingdom. and we know from kate upton's & jennifer lawrence's icloud experience that even apple passwords can be gotten.    and there will continue to be more and more attempts to get login credentials. this is over 2 years old but check out how someone's apple credentials were pilfered: http://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

 

[ChrisCicc]

Dean you're absolutely right about the weakest link. But that will always be the human, so software needs to find ways to mitigate it as much as possible...
 

In the other thread, pvrfan got it right.  There is very little chance that software programs will be able to integrate with HomeKit (as confirmed by the Indigo dev).

 
This is not correct. HomeKit is available openly via an Apple provided API to any home automation app on iOS 8. 
 
I do not like talking about active competitors, but there is a reason the are making the the claim that they are. They don't have a fully developed iOS 8 app, so they can't implement the functionality (yet). 

 

[Dean Roddey]

With a CQC-like system, you can at least limit the damage. Since there are separate accounts for users vs. admins, as long as you never use any but a limited user account on your phone, the worst they can do is access the default template you have configured for your account, and that's all they can access. Whatever that template allows is the limit to what can be done. You can keep your administrative accounts for within the home use, not used on phones.
 
And of course with something like CQC there's a separate login required, so just because they get your phone doesn't get them into your automation system. I don't know if HomeKit works like that or if it assumes if you authenticate on the phone then you have full access to the system. Given the desire to make it as easy as possible, I wouldn't be that surprised if security took a back seat and phone login means you have access. But maybe it's not like that.

 

[ChrisCicc]

I don't know if HomeKit works like that or if it assumes if you authenticate on the phone then you have full access to the system. 

 
IIRC the HomeKit database authenticates through the phone's authentication, but a HomeKit enabled app can add an extra factor of authentication.

Of course, if a bad guy has the phone and has unlocked it, all bets are off anyways...

 

[BobS0327]

Just a FYI
 
Reference...  Mastering iOS Frameworks: Beyond the basics second edition http://ww.amazon.com/Mastering-iOS-Frameworks-Edition-Developers/dp/0134052498
 
Homekit authentication is handled by the iCloud Keychain security framework.  To quote the book...
 

If the user is signed into an iCloud account on the device but has not turned on iCloud Keychain, HomeKit will prompt the user to turn on iCloud Keychain to allow access to HomeKit from all the user’s iOS devices, as shown in Figure 8.4. If iCloud Keychain is not enabled, HomeKit will not function correctly and will receive an error for any HomeKit operations.

 

 

[ChrisCicc]

Just a FYI
 
Reference...  Mastering iOS Frameworks: Beyond the basics second edition http://ww.amazon.com/Mastering-iOS-Frameworks-Edition-Developers/dp/0134052498
 
Homekit authentication is handled by the iCloud Keychain security framework.  To quote the book...

 
Yup, so the question automation apps need to ask, is presuming the user doesn't have a lock screen enabled, should they force an additional factor of authentication? This is what Dean and I think about  

 

[pvrfan]

I'm not sure I actually see the benefit of the security. A secure system is only as strong as its weakest point, which is going to be the phone that they will de facto require as a client. Unless you have to log into the Homekit system every time you want to do something, and that login is separate from the one required to get into your phone, then your home automation system is only as safe as your phone is, right? Given that your phone is exposed to the entire outside world and taken outside the home and left lying around in various places and such, how actually secure is such a system? Given these systems (I don't think) be about customized user interfaces that limit what you can do, i.e. they'll just provide browseable, open access to any of your devices, once someone get into your phone they would have carte blanche basically.
 
What am I missing there?

 
You're missing TouchID:
 

Touch ID
Security. Right at your fingertip.
Your fingerprint is the perfect password. You always have it with you.

 
http://www.apple.com/iphone-6/touch-id/
 
Craig

 

[Frunple]

Does it really matter?? The only people that are gonna use Homekit, or even care about it, are the Apple faithful. Minuscule part of the market.