Once upon a time, the Internet was amazing, enabling niche interests and connecting people. Apple’s iMac was the epitome of the era, while the iPhone became the prophet of change.
Now, the home is the next connected frontier, and one that should be as secure – as much as possible – as the office. That’s especially true given recent trends toward more remote work from home, where corporate data can be endangered by weak security.
What is HomeKit-secured and why should you use it?
These days hackers break into home networks using our routers and smart home devices, which is why everyone must learn how to use HomeKit-secured routers to keep their connected homes safe.
Apple announced HomeKit-secured routers at WWDC 2019. The first few devices to support the tech recently began to reach the market, including options from Linksys and (now) Amazon’s Eero routers.
HomeKit-secured routers provide an additional level of defense between your connected smart home devices and the outside world. With this ‘wall’ in place, your smart devices become a little harder to hack.
You don’t want criminals taking control of your smart locks, smart baby camera or smart anything, really, do you? You certainly won’t want them to attack your HomeKit devices in order to subvert your home network, or to monitor what your HomeKit devices do in order to figure out when your house is empty and vulnerable.
What security does this provide?
HomeKit-secured routers let you protect each of your HomeKit devices with one of three levels of protection.
Restrict to Home: The toughest setting, this restricts your devices so that they “can interact only with HomeKit through your Apple devices.” This means they have no independent access to the internet and means you must manually download software updates. But this also means no one can get to those devices unless they take control of your device.
Automatic: The default option allows for limited internet access with connections restricted to those “recommended by its manufacturer.”
No Restriction: This is pretty much what it says. It is the least secure option that provides no protection at all. I wouldn’t recommend it unless you have a pressing need for it.
HomeKit-secured routers also provide iOS or iPadOS apps which you can get from the App Store and will require when setting up these systems.
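To make the three levels concrete, here is an added example (not from Apple, a router vendor or the original article) that models how each level would treat an accessory's connections. The addresses, hostnames and the `decide` and `audit` functions are constructed for illustration, and it assumes the router knows which local addresses are your Apple devices.

```python
# Simplified model of the three levels; all addresses and hostnames are constructed.
import ipaddress
from dataclasses import dataclass, field

APPLE_DEVICES = {ipaddress.ip_address("192.168.1.10")}  # assumed home hub address

@dataclass
class Accessory:
    level: str  # "restrict", "automatic" or "none"
    vendor_hosts: set = field(default_factory=set)  # hypothetical manufacturer list

def decide(acc, peer_ip, peer_host=None):
    """Return (allowed, reason) for one connection between an accessory and a peer."""
    peer = ipaddress.ip_address(peer_ip)
    if acc.level not in ("restrict", "automatic", "none"):
        raise ValueError(f"unknown level: {acc.level}")
    if acc.level == "none":
        return True, "no restriction"
    if peer in APPLE_DEVICES:
        return True, "HomeKit via Apple device"
    if acc.level == "restrict":
        return False, "restricted to home"
    ok = peer_host in acc.vendor_hosts
    return ok, "manufacturer-recommended" if ok else "not on manufacturer list"

def audit(accessories, flows):
    """Map accessory name -> [(peer, reason)] for flows this model would drop."""
    blocked = {}
    for name, peer_ip, peer_host in flows:
        ok, reason = decide(accessories[name], peer_ip, peer_host)
        if not ok:
            blocked.setdefault(name, []).append((peer_host or peer_ip, reason))
    return blocked

ACCESSORIES = {
    "lock": Accessory("restrict"),
    "camera": Accessory("automatic", {"api.camera-vendor.example"}),
    "plug": Accessory("none"),
}
FLOWS = [  # constructed sample: (accessory, peer IP, peer hostname)
    ("lock", "192.168.1.10", None),                          # Home app via hub
    ("lock", "203.0.113.7", "updates.lock-vendor.example"),  # firmware check
    ("camera", "198.51.100.20", "api.camera-vendor.example"),
    ("camera", "203.0.113.99", "unknown-host.example"),
    ("camera", "192.168.1.50", None),                        # another LAN device
    ("plug", "203.0.113.99", "unknown-host.example"),
]
if __name__ == "__main__":
    print(audit(ACCESSORIES, FLOWS))
```

The lock's blocked firmware check is the trade-off noted for Restrict to Home: updates have to be downloaded manually.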
How to set up a HomeKit-secured router
First, download and install the relevant app for your router, open it and follow the manufacturer’s set-up instructions.
- During this process, you’ll be asked whether you want to add the router to your Home app.
- Tap accept and follow the on-screen instructions.
- (If you don’t get asked you’ll need to use your router manufacturer’s instructions.)
- A notification will appear once you’ve successfully added your router to the Home app.
Setting up your HomeKit devices for the router
Because most smart home devices are actually pretty dumb, the next stage of the process is slightly annoying but necessary. It basically comes down to switching all your HomeKit-enabled products off and switching them on again, which I suspect (though Apple didn’t say) is required to reset the (dumb) low-power processors inside these things.
It means you must remove any existing accessories you’ve already set up, which is a shame as doing so also means all the data, including accessories, scenes, automations and people you’ve invited to control your home, will be deleted.
You’ll have to set them all up for your preferences once again.
There are two ways to remove the devices: You can remove individual accessories from your Home app or delete your entire home set-up in the app in order to reconfigure the whole thing from scratch.
To remove individual accessories:
- On iOS, you’ll press and hold the accessory, tap Settings and then tap Remove Accessory.
- On a Mac, double-click the item, choose Settings and then tap Remove Accessory.
To delete your existing home setup:
- On iOS, open the Home app and tap the home icon in the top left corner.
- Scroll to the bottom of the page and tap Remove Home.
- On a Mac, open Home>Edit>Edit Home and click Remove Home.
Once you’ve removed the accessories (or your home setup) you’ll need to reset your accessories **.
** This is likely to be a tedious process, as you will need to find the tiny reset button that may exist on each of your HomeKit devices. If you can’t find that button, you’ll need to read the manual, spend half a day trying to find out more information on the manufacturer’s website, or contact the manufacturer to begin negotiating for help with its customer support service. Good luck with that.
Assign HomeKit router security privileges
As you add HomeKit devices to your home setup, you’ll be given the opportunity to define access privileges, which works like this:
- Open the Home app.
- Tap the home icon in the upper-left corner.
- Open Home Settings and then choose Wi-Fi Network & Routers.
- You’ll find a button marked HomeKit Accessory Security which you should toggle to on.
- You’ll also see a list of the devices you have on your network and can assign the relevant security access to each one (Restrict to Home, Automatic, No Restriction).
So, where are we now?
You now know how to set this system up. Given that doing so may be time-consuming, it’s probably worth reprising why it’s important.
If properly configured, most routers are smart enough to distinguish between potentially dangerous incoming traffic and traffic from (assumed to be authorized) systems you have installed in your home. However, not every device is as well secured as you might think.
Many of the first smart home devices shipped with weak security, while some may even carry malware already inside the chip.
In the former case, an attacker who can find the device may want to use it to help them climb inside your home network. In the latter scenario, that trusted device may be sharing all kinds of information about you with people you know nothing about.
That’s why limiting your smart home devices’ access to the internet is the smart thing to do. If they can’t contact people, or can only contact a very limited sub-set of people, then you are a little safer. If they can’t be found, you’re safer, too.
So, is this really something to worry about? Clearly Apple thinks it is, and it is telling that Amazon seems to agree, given the addition of HomeKit support to its Eero routers.
It’s also important to consider that pretty much the entire smart home device industry is now working with Apple to develop a more secure, more compatible connectivity standard.
“The project is built around a shared belief that smart home devices should be secure, reliable, and seamless to use,” the partners said.
What are they concerned about? It’s possible they are also aware of Kaspersky research that claims attacks against smart home devices climbed by 700% across 2018-19.
So, while the need to rebuild your entire smart home setup in order to use HomeKit-secured routers may seem frustrating, the added security you get justifies the work.
Of course, many Computerworld readers are experts and may already have found their own ways to improve their own smart home (or office) security. That’s great. However, for many the fact that Apple now offers such tools makes such protection available to them, probably for the first time.
With this in mind, and the scale of the evident threat model, I’d urge anyone with a HomeKit set-up to begin taking steps to implement this kind of protection.
In an ideal world, cable and broadband suppliers would upgrade the routers they supply with support for HomeKit security as a matter of urgency – and it may be worth customers applying pressure to make sure they do. Why not contact your provider and ask about this?
Copyright © 2020 IDG Communications, Inc.