iOS 11, HomePod, and trust

Written by

Last night, we had a nice little gathering to watch the Super Bowl. As everyone got settled in to watch the game, they pulled out their phones, as one does.

Suddenly, an alert appeared on my phone, one I’ve never seen before, asking me if it was OK to share my WiFi password with one of our guests. I tapped OK and they were logged on to our WiFi.

I’d heard about this behavior (I believe it shipped with the very first version of iOS 11), but never encountered it before. It felt a bit like opening an AirPods case near my iPhone. The alert just popped up, took over the screen.

Benjamin Mayo did a writeup of this behavior back in June 2017. If you follow the link, you can see what the alert looks like.

So what does this have to do with HomePod? Fair question.

Imagine that you lived next door to a big guy, a big guy with a beard who loved Heineken and Ozzie. We’ll call him Jim. What’s to prevent Jim from AirPlaying in to your HomePod, blasting Ozzie at top volume any time he liked?

As far as I can tell, you have to be on the same WiFi network as a HomePod in able to AirPlay in. So if Jim is not on my WiFi network, he has no access to my HomePod.

But suppose he comes over for coffee that one time, and I give him access to my WiFi in the scenario described above. Short of my changing my WiFi password, what’s to prevent Jim from Ozzying up my HomePod any time he likes?

There is a pairing process that is required to set up your HomePod, tie it to an Apple Music account. One question is, is that initial iOS device required in order to play music on HomePod? From everything I’ve read, it seems the only requirement for access is being on the same WiFi network as the HomePod.

To bring this all home, a second question is, once someone gains access to your WiFi, do they then have access to your HomePod? Does the scenario at the top give temporary access, say, for one day, or is it permanent access to your WiFi network?

It’s all about trust.

Just to be clear, I’m not worried that this is some sort of security hole. Just as Apple deals with this sort of protocol between other devices, I feel certain that there is a solution in place. I’m just curious about the details.

I’ll dig into this more once I get my paws on my very own HomePod. Meanwhile, if you know the answers to any of these questions, please do ping me.