Connected home security just took a definitive leap forward as mesh Wi-Fi pioneer eero has debuted enhanced Apple HomeKit security on their line of routers. Designed to work with the latest eero app and the Apple Home app on iOS, iPadOS, and macOS Catalina, this marks the first implementation of the HomeKit router security specification announced by Apple in 2019. Both the latest eero and eero Pro routers can be used to help lock down HomeKit accessories in the home, bringing high levels of security and privacy.
At the present time, support for the new HomeKit router security specification is limited to the eero system. According to Apple, only one other manufacturer—Linksys—has formally announced their intent to support the spec, which will be forthcoming in their Linksys Velop Tri-Band system. We hope to see other manufacturers get on board as this new spec begins to take hold in the marketplace, since this level of home network security will become increasingly important as our homes get more saturated with connected home devices.
Granular HomeKit Security
The HomeKit router security specification brings granular settings to the homeowner, including Restrict to Home, Automatic, and No Restriction options. These can be set on an individual accessory basis, or in the case of some accessory hubs and bridges—such as the Philips Hue Bridge—for all HomeKit accessories connected through the bridge. Of course, this is contingent on having one or more routers—like eero—that fully support the standard.
Per the Apple spec, here are the details on the available settings after the service is activated:
Restrict to Home: This will be the most highly secure setting. With this option, the accessory is restricted to interacting only with HomeKit through your Apple devices and the required Apple HomeKit Home Hub. Furthermore, the HomeKit accessory won’t be allowed to connect to the Internet or any local devices. Since access to third-party services can be blocked, Apple says firmware updates may not be available at this highest setting,
Automatic: This is the default security setting as HomeKit security through your supported router is activated. In this case, the accessory can communicate with HomeKit and other connections explicitly recommended by its manufacturer.
No Restriction: This will be the least secure setting, and basically what you probably have today. Apple says the setting bypasses the secure router setup and permits the accessory to connect with any device in your home network or other Internet-based services.
We recently deployed the latest eero mesh Wi-Fi system (eero model J010001) in our Digitized House integration labs, and were greeted by a notification in the eero app on iOS that the new HomeKit security features were available. At about the same time, we received an email from eero, linking to their blog post announcing the new integration. We moved forward with setting things up, a process which worked smoothly and took just a few minutes.
Beyond the eero routers, we already had three Apple HomeKit Home Hubs in our labs. You will need at least one Home Hub in your home in order to use the service. For details, see our step-by-step Home Hub setup guide.
Setting up HomeKit Accessory Security on eero
In our base setup for the two-story structure, we have three eero routers which connect to a 300 Mbps Spectrum broadband service over community fiber. All three eeros are hard wired to our network backbone with Gigabit Ethernet connections.
Adding the Apple HomeKit service to eero was initiated through the Discover tab in the eero app. We were pleasantly surprised to learn the HomeKit service did not require a paid subscription to eero Secure, the company’s suite of security add-ons. However, the Apple HomeKit and eero Secure services work together if you elect to subscribe.
Once the Apple HomeKit tab was selected from the eero app and the “Set up HomeKit button” was tapped, the Apple Home app took over for the remainder of the setup process. We were asked to allow eero to access our HomeKit Home data, then it was simply a matter of having HomeKit sequentially discover our routers (as HomeKit accessories). Our three routers were quickly discovered and added, taking less than a minute from start to finish.
Following setup, details of the setup can be accessed from the Wi-Fi Network & Routers panel in the Home app. This will include a Routers & Extenders section with a listing of all of the eero routers you configured (three in our case). Furthermore, there will be a HomeKit Accessory Security switch, so the service can be switched off entirely with a slider if desired.
At the bottom of the Wi-Fi Network & Routers panel, all of the discovered accessories will be listed. While some of the existing HomeKit accessories in your home may instantly appear here and gain the new security features, Apple recommends removing accessories from HomeKit and reinstalling them once the router security is activated. In this case, Apple says the accessories will be assigned a unique passkey known only to the router and each accessory.
For our initial testing, we bypassed the HomeKit accessory removal and reinstallation step. While our labs had 16 HomeKit accessories already installed, all but four were covered by the new security features when the installation was done. The missing accessories were three Apple TV boxes and an August Smart Lock Pro. The covered devices included a Chamberlain MyQ HomeKit Bridge (for the garage door), two Legrand HomeKit smart plugs, a Lutron Smart Bridge (for three Lutron dimmers), and a Philips Hue Bridge (for six Hue lamps).
For all of the enabled devices or bridges, the Restrict to Home, Automatic, and No Restriction settings can immediately be used to adjust security settings. At a minimum, we recommend using the Automatic setting to begin with in your home (which will be the default setting as the security service is activated), then move to the Restrict to Home settings one by one to see how things work in your environment.
The Bottom Line
Should you activate HomeKit router security features in your home? Certainly, particularly if you have an existing eero system that supports the service and more than a HomeKit device or two in your home. There appears to be only upside here as far as higher security is concerned.
We will continue to test the service and report back.
Tom Kolnowski is the Chief Content Officer & Founder of Digitized House Media, LLC, the publisher of Digitized House | Guide to the Connected Home. When he isn’t writing about smart home technology, sustainability, and high-performance architecture, you’ll find him exploring faraway destinations with his family.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.