Last week, popular websites, apps and services went down when internet traffic company Dyn was hit by a series of DDoS attacks. In the aftermath, it turns out the attackers were part of a botnet consisting of millions of connected smart-home devices. This is exactly the kind of hacking Apple Inc.’s (NASDAQ:AAPL) HomeKit was designed to prevent.
Chances are, you were affected in some way by last week’s internet outages. Servers across the U.S., especially on the East Coast, were impacted when Dyn, an internet infrastructure company, was hit by a series of distributed denial of service (DDoS) attacks.
Many popular websites and services were offline or sporadically down for the better part of a day, including those of Twitter Inc (NYSE:TWTR), Amazon.com, Inc. (NASDAQ:AMZN) and Netflix, Inc. (NASDAQ:NFLX).
According to a statement published by Dyn, the company was hit by three DDoS attacks that overwhelmed its support staff. There were tens of millions of IP addresses involved in the attack by a botnet — a cluster of devices taken over by hackers using Mirai malware and commandeered to attack Dyn.
As it turns out, the botnet doing the attacking wasn’t made up of infected computers. It was millions of smart home devices, like connected cameras. In other words, the Internet of Things was used for a historic attack. And it was possible because of poor security — an issue that has been the subject of repeated warnings.
With the average North American home now having 13 internet-connected devices, the security implications of lax smart home security are suddenly much more than a hypothetical scenario. They have been proven to be real, and to have serious consequences.
Your smart thermostat, TV, door lock, speaker or camera could be hacked and become part of the next attack.
Apple HomeKit Was Designed to Help Prevent This Scenario
Apple was relatively late to the table with its HomeKit smart home platform. It was introduced in 2014, and the first HomeKit-compatible smart devices didn’t start rolling out until a year later. A big part of that delay was likely the security demands AAPL placed on manufacturers, including the added cost of an authentication chip each device requires.
But as AppleInsider points out, HomeKit and its extremely high level of security would have protected smart devices from being hijacked like the ones last week were. In its development documentation, Apple outlines the basic framework that keeps HomeKit smart devices so locked down:
“Accessories that support iCloud remote access are provisioned during the accessory’s setup process. The provisioning process begins with the user signing in to iCloud. Next, the iOS device asks the accessory to sign a challenge using the Apple Authentication Coprocessor that is built into all Built for HomeKit accessories. The accessory also generates prime256v1 elliptic curve keys, and the public key is sent to the iOS device along with the signed challenge and the X.509 certificate of the authentication coprocessor.”
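The exchange in the quoted passage can be modelled in a few lines. This is an added example, not Apple's code or protocol implementation: it needs the third-party `cryptography` package, and the `Accessory` class, the constructed root CA, and the use of ECDSA with SHA-256 for the coprocessor signature are all assumptions made for illustration. It checks only the two signatures, not certificate validity dates or revocation.

```python
import datetime, os
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
from cryptography.x509.oid import NameOID

ECDSA = ec.ECDSA(hashes.SHA256())  # assumed algorithm; the quoted text names none
new_key = lambda: ec.generate_private_key(ec.SECP256R1())  # SECP256R1 == prime256v1

def issue_cert(cn, subject_pub, issuer_cn, issuer_key):
    """Issue a constructed X.509 certificate (stand-in for the vendor CA)."""
    now = datetime.datetime.now(datetime.timezone.utc)
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    return (x509.CertificateBuilder()
            .subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(subject_pub).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=1))
            .not_valid_after(now + datetime.timedelta(days=1))
            .sign(issuer_key, hashes.SHA256()))

class Accessory:  # hypothetical; chip_key models the key held inside the coprocessor
    def __init__(self, chip_key, chip_cert):
        self.chip_key, self.chip_cert = chip_key, chip_cert
    def provision(self, challenge):
        # Fresh accessory key pair, signed challenge, and the coprocessor certificate.
        pub = new_key().public_key().public_bytes(Encoding.X962, PublicFormat.UncompressedPoint)
        return pub, self.chip_key.sign(challenge, ECDSA), self.chip_cert

def controller_accepts(root_pub, challenge, response):
    """Accept only if the cert was issued by the root and its key signed this challenge."""
    pub, signature, cert = response
    try:
        root_pub.verify(cert.signature, cert.tbs_certificate_bytes, ECDSA)
        cert.public_key().verify(signature, challenge, ECDSA)
    except InvalidSignature:
        return False
    return len(pub) == 65 and pub[0] == 4  # well-formed uncompressed P-256 point

def demo():
    root, chip, other = new_key(), new_key(), new_key()
    genuine = Accessory(chip, issue_cert("constructed chip", chip.public_key(), "constructed root", root))
    unvetted = Accessory(other, issue_cert("constructed chip", other.public_key(), "constructed root", other))
    c1, c2 = os.urandom(32), os.urandom(32)
    reply, root_pub = genuine.provision(c1), root.public_key()
    return (controller_accepts(root_pub, c1, reply),                   # fresh, genuine
            controller_accepts(root_pub, c2, reply),                   # stale reply, new challenge
            controller_accepts(root_pub, c1, unvetted.provision(c1)))  # cert not issued by root
```

Calling `demo()` shows the controller accepting the genuine accessory and rejecting both a reply reused against a new challenge and a device whose certificate was not issued by the trusted root.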
AAPL’s security measures have been called bleeding edge and many manufacturers have been staying away from HomeKit adoption because of the additional costs. However, the DDoS attacks on Dyn last week have brought the security — or lack of security — of many smart home devices to the forefront.
HomeKit-compatible smart home accessories may cost a little more than others, and they may be harder to find. But it’s a pretty good bet that there’s not going to be a botnet comprised of HomeKit devices waging war on your favorite websites any time soon.
In the aftermath of the Dyn attack, AAPL’s insistence on security being a primary focus in its home automation platform may pay off with more partners joining the HomeKit program and more consumers actively seeking out the Apple-approved smart home devices.
As of this writing, Brad Moon did not hold a position in any of the aforementioned securities.