Maybe Apple's Right and Security IS Important

Posted by Matt Birchler
— 2 min read

Remember when this story was making the rounds back in July?

So far, only five companies have launched HomeKit-certified smart home devices. What’s the hold up? Apple has thrown a plethora of challenges at hardware makers, and some developers say one of the biggest is complying with Apple’s strict security requirements on Bluetooth low energy devices.

Oh yes, that little thing called security, what a hassle! Why would Apple try to stomp out the innovation the Internet of Things (IoT) needs at this point in it's growth to thrive? Why not loosen the rules and let manufacturers run wild? Well, how about this?

Twitter, Spotify and Reddit, and a huge swath of other websites were down or screwed up this morning. This was happening as hackers unleashed a large distributed denial of service (DDoS) attack on the servers of Dyn, a major DNS host.

That attack took down a good chunk of the websites and web services we all love on Friday, and it was miserable. Miserable for us as users, miserable for websites relying on Dyn for their DNS service, and of course most miserable for Dyn themselves who had to deal with this whole mess1.

This was a DDoS attack on a scale we have not seen before, so how did it get so big? Simple, millions of insecure IoT devices contributed to the mess. Here's what Brian Krebs had to say about it:

The size of these DDoS attacks has increased so much lately thanks largely to the broad availability of tools for compromising and leveraging the collective firepower of so-called Internet of Things devices — poorly secured Internet-based security cameras, digital video recorders (DVRs) and Internet routers. Last month, a hacker by the name of Anna_Senpai released the source code for Mirai, a crime machine that enslaves IoT devices for use in large DDoS attacks. The 620 Gbps attack that hit my site last month was launched by a botnet built on Mirai, for example.

So when I hear IoT manufacturers talk about how outrageous Apple's requests are for their simple utilities, I just sigh. Just because you're making a lightbulb doesn't mean you don't need to worry about security. If you can access the internet, you need to be concerned with security. I don't know the specifics, and maybe Apple is being a little too cautious, but today Apple sure looks to have the correct priorities on this.

  1. Under a sever amount of stress, I can only imagine.