Click to Skip Ad
Closing in...
  1. Best Robot Mop 2021
    08:29 Deals

    The world’s first self-cleaning robot mop is $100 off at Amazon – and I’m obsessed

  2. Best Meat Thermometer 2021
    09:31 Deals

    The gadget that helps you cook perfect steak is $33 at Amazon, a new all-time low

  3. MacBook Pro 2021 Price
    12:16 Deals

    Apple’s M1 MacBook Pro is $200 off at Amazon, matching the lowest price ever

  4. Viral Tiktok Videos
    11:14 Deals

    This $7 toothpaste tube hack on Amazon is blowing people’s minds




HomeKit is the latest Apple product to have a serious security flaw

December 7th, 2017 at 4:32 PM
Apple HomeKit security bug in iOS 11.2

A zero-day vulnerability with Apple’s HomeKit exposed users’ smart door locks and garage-door openers to hackers, 9to5Mac reports. The serious security issues have already been fixed via a server-side patch by Apple, and an update to iOS 11.2 is coming in the near future to fix any broken functionality.

The site reports that a “HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated to 9to5Mac that allows unauthorized control of accessories including smart locks and garage door openers.” It describes the bug as “difficult to reproduce,” but said that it potentially “allowed unauthorized control of HomeKit-connected accessories including smart lights, thermostats, and plugs.”

Users don’t need to run around unplugging all HomeKit-connected devices: 9to5Mac says that Apple has already deployed a server-side update that fixes the bug, which was in the HomeKit service, rather than the code on individual client devices.

The disclosure of another bad security flaw comes at a terrible time for Apple. Just last week, developers found a major flaw in macOS High Sierra that allowed anyone to gain root access to a locked Mac, using no advanced knowledge and seconds of physical access to the machine. That flaw was publicly disclosed while it was still live; in the case of this HomeKit bug, it seems that 9to5Mac kept it quiet until Apple had a chance to fix it.

In a comment to 9to5Mac, Apple said “the issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”

Although the exact nature of the bug hasn’t been disclosed, it sounds far more finnicky than the macOS High Sierra root bug. 9to5Mac said that “the vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple’s mobile operating system, connected to the HomeKit user’s iCloud account,” which isn’t exactly easy. However, any security flaw that potentially gives a stranger access to your hack is bad news for Apple and the trustworthiness of smart home accessories in general.




Popular News