Back at WWDC 19, Apple announced HomeKit would get a feature that promises to improve security on its smart home platform via Wi-Fi routers. This feature called HomeKit Secure Router works by applying firewall rules to HomeKit accessories connected via Wi-Fi or the routers’ ethernet ports.
During the announcement, Apple said that several Router brands would roll out HomeKit Secure Router support, including Linksys and Eero. However, it was not until 2020 that we saw adoption of this feature. As of December 2022, HomeKit Secure Router support is available for select Velop Whole Home Mesh Wi-Fi and Eero devices.
I have been using a Velop mesh setup in my home since December 2020 and recently switched to the Eero Pro 6. Once setup, it’s a feature that runs in the background and I check my security settings every now and again.
In this video I am going to take you through what is HomeKit Secure Router, currently supported devices. How to set up HomeKit secure Router and take you through settings and any impact to this change will have.
What is HomeKit Secure Router
HomeKit support for routers enables you to set 3 levels of privacy controls for your HomeKit devices connected via Wi-Fi and Ethernet. These new settings will be available within the Home app on iOS, iPadOS, and macOS. These settings allow you to determine on how these devices talk to the outside world.
Smart home accessories that connect to the internet can be vulnerable to attack. But not only that, some device manufacturers have been found to have been sending your data without consent. So with a HomeKit Secure Router, you can lock down devices from manufacturers that you might not trust.
What do you need to get started with HomeKit Secure Router
An iPhone, iPad or Mac that’s running the latest software. Check that you’ve set up the Home app on your device and have logged in with the Apple ID you use with iCloud.
A home hub that’s running the latest software. This can be an Apple TV, HomePod or HomePod mini.
A HomeKit-compatible router such as the Velop Mesh Wi-Fi and select models of the eero range. You also need to ensure you are running the latest firmware update.
How to set up HomeKit Secure Router
I am assuming you have already setup your chosen router and the next step is to add the routers to HomeKit.
In my case, I am using the Eero 6 Pro and setup starts within the Eero app by tapping the discover tab. Then Scroll to the option called Apple HomeKit. This will take you to a screen that will give you more information about HomeKit security and a button that says Set up HomeKit. You are then prompted to allow access to your HomeKit data, which is important for everything to work correctly.
The next part of the setup is like adding any other HomeKit accessory to your setup. This process will take you through adding each router, which involves naming the router and adding to the room you have placed it. When first setting up each device, it uses the naming convention you first setup in the app. So there’s a button in the setup UI to identify the correct router, which flashes the light on the top of the router. Next, you re asked to turn on HomeKit Accessory Security.
Once you have done these steps, it will enable HomeKit Secure Router. The default setting is “Automatic” and now I will explain what all the settings mean.
HomeKit Secure Router settings explained
Once setup, it is all pretty much automatic and you don’t have to do anything else. You will see nothing different in the main sections of the Home App. You will not see the routers listed in the rooms you have assigned to them, which is the same as HomeKit bridges.
To access these settings, you need to jump into the Home app and tap the three dots on the right next to the + symbol, then tap ‘Home Settings This opens up the setting and options for your HomeKit home and towards the bottom, you will then find a menu for ‘Wi-Fi Network & Routers.’
Tapping on the menu lists several options. First, you can see all the routers you have added. If you have multiple routers added as part of the mess, then each one will be displayed separately. Then tapping on each router will list data like the room assignment and information about the router. You also get a toggle to enable and disable HomeKit Accessory Security. This is the master switch to switch the feature on and off. Then finally a list of HomeKit accessories that connect to your network via Wi-Fi or Ethernet.
As previously mentioned, when you first enabled HomeKit Secure Router support, it is set to automatic. But you can individually set the rule for each HomeKit accessory connected to your Velop router.
Restrict to Home provides the tightest control over devices. This setting deny’s access to the web or other devices on your network. Devices set to ‘Restrict to Home’ can still connect to your HomeKit hub on your local network. But because they cannot communicate outside your network, they won’t be able to do things like update their firmware. It also means that features via the manufacturers’ app that required cloud processing will not work, more on that later.
Automatic, which is the default setting for any accessory connected. This setting allows Internet connections and connections to other devices that the device manufacturer has identified. It describes those connections in the Home app providing additional transparency about services the device will connect. However, not all devices makers provide this information.
No Restriction, which allows any connection to the Internet or a local device.
In most cases the automatic setting will work fine and provide enough protection. But if you worried about smart home devices transmitting data outside of your home, then you are best setting this device to restrict to home.
Things to consider with HomeKit Secure Router
HomeKit bridges
If you are using HomeKit accessories that connect via a HomeKit bridge such as Philips Hue. Then you do not need to go through each device to set individual settings. Which would be time-consuming if like me, you have about 35 lights and accessories connected to bridges.
However, this could be an issue with brands like Eufy that have a central hub for its cameras. So if you want to “Restrict to Home” one particular camera, then this would not be possible and it would restrict all cameras. So just bear this in mind when planning any deployment of HomeKit Router Support in your setup.
You can break manufacturer specific features
Another thing to consider is that if you choose to restrict to home. Then this will stop that device from talking to the outside world. Meaning if you use features that require server side processing available via the manufacturers’ app. Then these features will stop working.
So it’s a trade-off between keeping your data private and functionality and only you can decide what is best for you.
HomeKit secure video
HomeKit Secure Video is not impacted by any of the 3 settings. So if you was to to assign the restrict to home setting to a camera with HomeKit Secure video support. Then this camera would still work in HomeKit and HomeKit Secure Video. But in most cases, it would not work in the manufacturers app. However, with cameras like the Eve Outdoor camera that is designed to only work locally, then you would not be impacted.
What about my non-HomeKit devices?
All other devices on your network, such as your iPhone and iPad, will still function the same way as before. The feature only impacts HomeKit-enabled devices connected via Wi-FI or ethernet.
What about firmware updates for HomeKit accessories?
Firmware updates are still available for your smart home accessories, just like they were before adding a HomeKit Secure Router. However, setting the device to restrict to Home may prevent firmware updates.
Bluetooth and Thread support
Final thoughts
Having spent a couple of years using the Velop Mesh Wi-Fi system and, more recently, the Eero setup. I have felt more confident when adding devices to my own that I would not 100% trust with my data. Not only that, both routers have been rock solid in terms of performance and the dreaded “No Response” eliminated entirely.
I also like that for the average user, it is simple to set up and leaving it in automatic mode will provide a decent level of protection. But if you have concerns over a HomeKit device phoning home or that needs cloud processing for features outside of HomeKit. Then only with only a few clicks, you can limit access outside of your network. This will bring added peace of mind for those concerned with using devices that come from manufacturers with no track record of privacy.
With more users adopting smart home devices, then adding a layer of security is only a good thing. So I would recommend if you are a HomeKit user that you seriously consider a HomeKit Secure Router.
If you want to purchase a HomeKit Secure Router, you can checkout deals on on Amazon for the Velop Mesh Wi-Fi and select models of the eero range.
Don’t forget to subscribe for to be notified of the latest HomeKit News, reviews and tutorials. If you have a question or a comment, then leave it below. You can also follow us on Twitter, Facebook, YouTube and Instagram.