
Well they could require a security level for starters and require only secure pairing (the fact that we even have something besides secure pairing should make a few bells ring), but that still leaves a bunch of avenues for an external vendor to fuck up their side of the implementation.

It's a whole other system outside of Apple's control and some mutually agreed upon Bluetooth LE elliptic key does nothing to protect it in its entirety. It still leaves cryptographic mistakes, side-channels and all other vulnerabilities.

Like, what does https:// or transport encryption in general really say about the website's security to you? Not much besides transport, does it?

Now we want to expose more than notification contents over Bluetooth (LE)? Are we sure? It has to be carefully designed.
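The "require a security level and only secure pairing" idea from the comment above, written out as a policy check. This is an added example, not code from the thread or from Apple; the GAP Security Mode 1 levels follow the Bluetooth Core Specification (Level 4 is authenticated LE Secure Connections pairing with a 128-bit key), while the `LinkSecurity` fields, the `may_expose` function and the sample links are constructed for illustration of how a peripheral would gate data behind the connection's actual pairing properties rather than behind "encryption is on".

```python
from dataclasses import dataclass
from enum import IntEnum


class SecurityLevel(IntEnum):
    # Bluetooth LE GAP Security Mode 1 levels (Core Spec Vol 3, Part C, 10.2).
    NONE = 1              # no encryption, no authentication
    UNAUTH_ENCRYPTED = 2  # encrypted, but pairing was unauthenticated (Just Works)
    AUTH_ENCRYPTED = 3    # encrypted, pairing was MITM-protected (passkey, numeric comparison, OOB)
    AUTH_SC_128 = 4       # authenticated LE Secure Connections pairing, 128-bit key


@dataclass(frozen=True)
class LinkSecurity:
    """Constructed summary of what a stack reports about the current link (hypothetical shape)."""
    encrypted: bool
    authenticated: bool        # pairing method provided MITM protection
    secure_connections: bool   # LE Secure Connections (ECDH) rather than legacy pairing
    key_size: int              # negotiated long-term key size in bytes (7..16)


def effective_level(link: LinkSecurity) -> SecurityLevel:
    """Map link properties to the GAP Mode 1 security level they actually achieve."""
    if not link.encrypted:
        return SecurityLevel.NONE
    if not link.authenticated:
        # Just Works is unauthenticated even when LE Secure Connections is used.
        return SecurityLevel.UNAUTH_ENCRYPTED
    if link.secure_connections and link.key_size == 16:
        return SecurityLevel.AUTH_SC_128
    # Authenticated, but either legacy pairing or a short key: Level 3 at best.
    return SecurityLevel.AUTH_ENCRYPTED


def may_expose(link: LinkSecurity,
               required: SecurityLevel = SecurityLevel.AUTH_SC_128,
               allow_legacy: bool = False):
    """Return (ok, reason): whether a characteristic may be read over this link.

    Legacy pairing is rejected outright unless explicitly allowed, independent
    of the level it reaches, which is the "only secure pairing" rule.
    """
    if link.encrypted and not link.secure_connections and not allow_legacy:
        return False, "legacy pairing not accepted"
    level = effective_level(link)
    if level < required:
        return False, f"security level {int(level)} below required {int(required)}"
    return True, "ok"


# Constructed sample links covering the common pairing outcomes.
SAMPLE_LINKS = {
    "unencrypted": LinkSecurity(False, False, False, 0),
    "just_works_sc": LinkSecurity(True, False, True, 16),
    "passkey_legacy": LinkSecurity(True, True, False, 16),
    "passkey_sc_short_key": LinkSecurity(True, True, True, 7),
    "passkey_sc": LinkSecurity(True, True, True, 16),
}


def evaluate_all(required: SecurityLevel = SecurityLevel.AUTH_SC_128) -> dict:
    """Evaluate every sample link against the policy; returns name -> (ok, reason)."""
    return {name: may_expose(link, required) for name, link in SAMPLE_LINKS.items()}


if __name__ == "__main__":
    for name, (ok, reason) in evaluate_all().items():
        print(f"{name:22s} level={int(effective_level(SAMPLE_LINKS[name]))} ok={ok} ({reason})")
```

Only the passkey-or-numeric-comparison LE Secure Connections link with a full-size key passes the default policy; a Just Works pairing still shows up as "encrypted" yet is rejected, which is the distinction the comment is pointing at.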

You have to trust 3rd parties at some point. Apple can make it reasonably secure and let the user decide if 3rd party accessories are worth the potential risk but that option is never exposed.

Really, Apple allows HTTPS connections but the same implementation concerns apply there. The web server could publish its private and session keys to a "status" page and leak enough to make decryption trivial.

I think it'd be more honest if they said "we don't want to give users options" (for better or worse) instead of claiming it's security.
