Click to Skip Ad
Closing in...
  1. Amazon Dash Smart Shelf
    15:16 Deals

    I’m obsessed with this Amazon gadget you’ve never heard of – and it&#821…

  2. Prime Day Deals 2021
    04:05 Deals

    Amazon Prime Day deals 2021: See hundreds of the best deals right here

  3. Prime Day Nest Thermostat Deal
    16:28 Deals

    The newest Nest Thermostat rarely goes on sale, but it’s $99.98 for Prime Day

  4. Prime Day DNA Test Deals
    07:17 Deals

    23andMe’s best-selling DNA test is $100 off for Prime Day

  5. Best Prime Day Deals 2021
    13:41 Deals

    Prime Day secrets: All of Amazon’s deepest discounts are on this one hidden page

HomeKit is the latest Apple product to have a serious security flaw

December 7th, 2017 at 4:32 PM
Apple HomeKit security bug in iOS 11.2

A zero-day vulnerability with Apple’s HomeKit exposed users’ smart door locks and garage-door openers to hackers, 9to5Mac reports. The serious security issues have already been fixed via a server-side patch by Apple, and an update to iOS 11.2 is coming in the near future to fix any broken functionality.

The site reports that a “HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated to 9to5Mac that allows unauthorized control of accessories including smart locks and garage door openers.” It describes the bug as “difficult to reproduce,” but said that it potentially “allowed unauthorized control of HomeKit-connected accessories including smart lights, thermostats, and plugs.”

Users don’t need to run around unplugging all HomeKit-connected devices: 9to5Mac says that Apple has already deployed a server-side update that fixes the bug, which was in the HomeKit service, rather than the code on individual client devices.

The disclosure of another bad security flaw comes at a terrible time for Apple. Just last week, developers found a major flaw in macOS High Sierra that allowed anyone to gain root access to a locked Mac, using no advanced knowledge and seconds of physical access to the machine. That flaw was publicly disclosed while it was still live; in the case of this HomeKit bug, it seems that 9to5Mac kept it quiet until Apple had a chance to fix it.

In a comment to 9to5Mac, Apple said “the issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”

Although the exact nature of the bug hasn’t been disclosed, it sounds far more finnicky than the macOS High Sierra root bug. 9to5Mac said that “the vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple’s mobile operating system, connected to the HomeKit user’s iCloud account,” which isn’t exactly easy. However, any security flaw that potentially gives a stranger access to your hack is bad news for Apple and the trustworthiness of smart home accessories in general.

Popular News