Apple pulls massive HomeKit chip U-turn to keep up with Amazon Echo and Google Home

Blink and you'd have missed surprise news

Analysis Apple has made a huge reversal in its HomeKit smart-home technology, in an effort to keep up with Amazon and Google.

The iPhone giant has insisted for years that any third parties wishing to create HomeKit-compatible products have to include a special Apple-specified MFi coprocessor (such as this one) in order to authenticate, connect and transfer information securely.

But suddenly, and very quietly, Apple has dropped that requirement, and introduced software authentication for its system, bringing it in line with rivals. The blink-and-you-miss-it announcement happened at the Cupertino goliath's annual developers conference in June. Toward the end of a 45‑minute session, the momentous decision was given less than 20 seconds.

"Let's talk about authentication now," said Praveen Chegondi, a HomeKit program manager, toward the end of his time on stage (fast-forward the video to 37 minutes in).

"At Apple, security and quality is of utmost importance to us. Our customers trust that their accessories are tested thoroughly by MFI licenses and audited by Apple. To ensure accessories are trusted and self-certified we have adopted hardware-based authentication."

He then dropped the bombshell: "Starting with iOS 11, we are now introducing an alternate method to authenticate HomeKit accessories. Now accessories can be authenticated by software!" he said with a flourish, eliciting a small smattering of applause. "This provides a great option to enable HomeKit and shipping accessories that can be upgraded to HomeKit."

He concluded: "We will be sharing more information about the implementation later," before moving on to the next topic.

Bridge over troubled water

Apple did not let any of its potential partners know about the change – even big player Belkin, which announced just a few weeks before the event that it would, somewhat begrudgingly, sell a new Wemo Bridge so its products could communicate with HomeKit.

Neither has Apple highlighted the sea change in its approach, even though HomeKit was one of the main topics at its dev conference that year. The low-key nature led to folks on smart home forums asking: "Did Apple just open HomeKit?"

It is only now, as companies consider the lead-up to the holiday push, that they have started asking Apple if it will start sharing more details on its new software authentication approach to see whether they can include it in their products this year. As far as we are aware, there are still no specifics available.

So why the sudden turnaround and purposefully low-key announcement? There are three reasons:

  1. Competition
  2. Work still to be done, and
  3. Arrogance


The decision by Apple back in 2015 to require a specific chipset surprised and infuriated many smart home companies that were looking forward to having Apple's name brand open up the market.

For users, it meant guaranteed builtin security. For manufacturers, it meant significant extra cost in creating a special Apple version of their products, and ensured there was no way to upgrade existing products to work with the system. A software-only approach allows gadget makers to connect their equipment to Apple devices via HomeKit without any expensive hardware redesigns.

While some – like smart thermostat company Ecobee – decided to bite the bullet and create a new product line to incorporate the mandatory HomeKit electronics, the majority of manufacturers decided not to bother, with the result that several years after launch, the number of HomeKit products remained strikingly small.

But then came Amazon's unexpected success with its Echo voice-controlled digital assistant. Just a few months after Apple told manufacturers they had to put-up-or-shut-up if they wanted to enter its ecosystem, Amazon offered a software-only way to connect up smart devices.

As the Echo became a mainstream tech product, Google and Apple scrambled to move away from their vision of a smartphone-controlled home into voice activation. Google launched its Home rival in October 2016 in a bid to connect up with its smart home protocols and standards – including its subsidiary, smart-home poster child Nest.

It took Apple until June this year to launch the over-priced HomePod. Previously, the Californian monster had decided that everyone would have to buy an AppleTV and use an Apple iPhone to access its controlled ecosystem. But even with Siri, the AppleTV was no Amazon Echo, and so the HomePod was developed.

As Apple execs turned their attention to this digital assistant market – having gone cold on HomeKit for several years because of its authentication barriers – the call went out: there must be a way to securely connect HomeKit devices using just software. Do it. And do it now.

Similar topics

Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022