my point was simply that homekit has been incredibly slow to gain any adoption and is pretty limited in terms of who can make things (mfi program), what hardware needs to be in your product (special auth chips..) etc. As a general strategy, if your iot strategy requires iot device makers include special chips and use specific factories, its a rather closed way to approach the market.
MFi isn't too limited. You must just apply and meet certain standards. The benefit is you have access to a huge market (iOS users).
What's wrong with this approach? Imagine the PR disaster if this DDoS attack was caused by HomeKit devices.
As a potential future user of HomeKit it's reassuring to know security is a real concern here. I'm glad I won't have to probe the device to check it isn't running a telnet server with no root password, for example.
When we're talking about an internet-connected camera or a front door lock, yeah I'm going to want high standards for security. If that slows down HK adoption so be it. If I wanted a convenient-but-insecure lock compatible with my existing devices today I'd just leave my door unlocked.
i think this perspective conflates good security and bad security with a single approach.
"You must just apply and meet certain standards" - your factory also needs to apply and meet standards, not just you. we work with a fantastic factory that builds high quality products (numerous baby and toy products) and is large (>45K employees). they aren't mfi certification (its not just meeting standards, its an application process that costs time and money).
The benefit is you have access to a huge market (iOS users). - we already have access to this market. The main thing is slapping a little homekit badge on the packaging and slightly tigher integration with siri.
agreed with you that nobody wants to be at fault for taking down the internet due to bad security on their devices, but its a bit misleading to suggest that apple's approach is a good way to do it.
whats fundamentally wrong with it is the cost it imposes onto companies making something compatible with their ecosystem. I don't want to add a few dollars to my BOM so that I can further help their ecosystem. I also don't like the closedness but I understand that is apple's general approach. I want to have open APIs and cloud integrations. Radio/hardware level integrations are fine but given the giant mess that is IoT radio standards, I would rather just integrate via https.
For perspective on how this makes it down market:
Lets say I want to make a Thread compatible device and a homekit compatible device. I have now likely added 4-8USD to my BOM. Typical multipliers from BOM to retail are 3-5X or more so we could have just added 32 usd to our price. Or we could have just done a cloud integration and used the wifi or bluetooth chipset we were going to use anyways...
I agree it's not a complete security solution, but it's certainly a good baseline if nothing else.
>The main thing is slapping a little homekit badge on the packaging and slightly tigher integration with siri.
It's integration into the entire HomeKit platform including the new Home app across multiple devices.
Thanks for the in depth numbers. Personally I'd pay an extra $20 for something HomeKit compatible, especially if I'm paying $150+ anyway. I've been looking at some devices lately and haven't even considered anything which doesn't integrate with HomeKit.
http://www.forbes.com/sites/aarontilley/2015/07/21/whats-the...