IOS HomeKit bug exposed smart locks to unauthorized access

Specific details of the vulnerability was not shared, but 9to5Mac reported on the issue publicly only after hearing from Apple a fix had been in place.

A new HomeKit zero day bug lets attackers remotely access and control your smart home devices.

Currently, no information on the vulnerability itself has been given, but the news outlet reported that it was hard to reproduce. The most serious ramification of this vulnerability prior to the fix is unauthorized remote control of smart locks and connected garage door openers, the former of which was demonstrated to 9to5Mac. It reportedly required at least one iOS device running iOS 11.2 connected to a user's iCloud account. This portion of the vulnerability was specifically demonstrated first-hand to 9to5Mac, the publication wrote. "The issue affecting HomeKit users running iOS 11.2 has been fixed", an Apple spokesperson said in a statement. The problem isn't with any individual smart home device, but with the HomeKit protocol itself. As such, users will need to take no immediate action to patch the vulnerability and protect their security. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week. For the time being, it also means that users with 11.2 wont have all of the standard remote HomeKit functionality, until Apple rolls out something more permanent next week.

The tvOS and watchOS updates were released on December 4 and 5, respectively, and contain the same fixes: for the aforementioned kernel bugs and a memory corruption issue in IOSurface, which could have allowed a malicious application to execute arbitrary code with kernel privileges. Earlier versions of iOS are not affected by the bug.

Related:

Comments

Latest news

Man United to Give Mourinho Budget of €90M for January Transfer Window
United turned the game around with two goals in two minutes from Romelu Lukaku and Marcus Rashford to progress to the last 16 as Group A winners.

Livestreaming, New Games Coming to Facebook Messenger
The feature, powered by Facebook Live, lets Messenger users broadcast their gameplay to their Facebook Page or profile. Facebook also announced that it is rolling out support for livestreaming Facebook Messenger games, starting today.

Johnson & Johnson (JNJ) Stock Price Rose While Hexavest INC Decreased Stake
Bulldog Investors Llc decreased Swiss Helvetia Fund (SWZ) stake by 208,618 shares to 1.92M valued at $24.36 million in 2017Q2. Sand Hill Advisors Ltd Liability Corp invested in 0.79% or 52,399 shares. 85,959 are owned by Advisors Incorporated Ok.

Irrfan Khan honoured at Dubai Film Fest
The opening ceremony at Madinat Arena began with presentation of the lifetime achievement awards to film icons from different parts of the world.

Market player: CenterPoint Energy, Inc. (CNP) ,Crown Castle International Corp. (REIT) (CCI)
Washington-based Cornerstone Advisors has invested 0.14% in Crown Castle International Corp. (NYSE:REIT) or 133,210 shares. Out of 2 Wall Street analysts rating American Assets Trust, 2 give it "Buy", 0 "Sell" rating , while 0 recommend "Hold".

Other news