Apple Makes a Strong Push for the Internet of Things, But Will It be Secure?

Apple held its annual Worldwide Developer’s Conference this past Monday. The conference saw a lot of new announcements, including a new version of OS X, iOS 8 and variety of interweaving features between the two operating systems.

It’s one of these interweaving features that caught my attention. It’s called HomeKit, and it’s Apple’s attempt to help lay the foundation for the future of “Smart Homes.”

Smart Homes, for the uninitiated, is a term used to describe automated homes. Theoretically, these homes would be able to automate a variety of tasks, ranging from adjusting the heat and air conditioning, to locking doors, adjusting lights and opening and closing garage doors. It isn’t too hard to imagine this automation extending to vacuum cleaners (think the Roomba robot), remote webcams or lawn mowers in the near future. Currently, 34% of home security system owners control their security systems via their smartphone.* If Apple has its way, this number is about to get a lot bigger.

But right now there is a problem with the Smart Home: there are too many competing elements of it. Currently, each automated smart home device has its own application or computer program to manage the connected device.

Apple is attempting to solve that problem by promoting HomeKit, which aims to be the underlying language used by smart home developers. It’s a good solution, but one question remains: how secure will it be?

Apple has said that its platform “securely pairs” HomeKit-based devices with an iPhone owner. How secure this pairing is exactly, we’re not sure, but we’ll likely learn more as developers get hands-on time with the platform.

A centralized hub used to organize a network of devices interlocked through the Internet—an Internet of Things (IoT), if you will—is a smart idea from a usability perspective. Good usability, after all, tends to be Apple’s bread and butter. But that centralized hub will need to be locked down and secured, lest any of those devices become infected with malicious software—often referred to as malware.

Malware on IoT connected devices, while rare, is possible. Infected IoT devices (as I’ve discussed before) are used to do everything from spying on victims to using infected devices to mine virtual currencies such as Bitcoin. Depending on how HomeKit works, and the security parameters that are built into this new technology, hackers may be able to find ways to hijack devices for illicit purposes.

More troubling is the possibility of hackers gaining control of a user’s HomeKit ID or “remote” (the mobile device itself). If that took place, a hacker could theoretically manipulate a HomeKit user’s home. Lights could be flicked on and off, heaters could be put too high, and doors, if they have any remote controlled “smart lock,” could be unlocked at a whim. Such attacks have taken place. Additionally, if your phone is stolen, hackers may be able to access your home with the built in geofencing functionality, as HomeKit will allow users to trigger any compatible device when their iPhone enters or leaves a specific location.

But Apple could change the security landscape when it comes to the Smart Home. We’ll have to wait and see.

  • When possible, protect your devices with a password. Many current IoT devices come with passwords pre-loaded into the system. These passwords won’t keep you secure. When you can, be sure to make your own unique password to lock down your Smart Home and devices.
  • Be careful when granting third party apps access. Convenience should not override security, especially your physical security. Think twice before granting apps access to your device. Malicious apps may be able to view the data on your device and access your Smart Home control panel.
  • Do your research. Read an IoT company’s security policy before purchasing a new smart device—as it may have critical weaknesses. If you have any doubts about the security of the device, consider contacting the manufacturer for additional clarification.
  • Protect your mobile devices. Apple is hoping to push control of Smart Homes to mobile phones. If Smart Homes become commonplace, protecting your smartphone will become as critically important.  Our free app, McAfee Mobile Security, can be installed on both Android and iOS devices. On iOS devices, McAfee Mobile Security will allow you to remotely wipe your device in the event that it is lost or stolen, stopping hackers from gaining access to your personal information or your home (in the event that you use your mobile to control IoT devices in your home).

For more on the growing Internet-of-Things and the security considerations that come along with it, follow @McAfeeConsumer on Twitter and Like us on Facebook.

*Source: The Futures Company, McAfee and ADT Online and Offline Lifestyles Study, Dec 2013

Gary Davis

Leave a Comment

2 × four =