Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out

By | December 8th, 2017
No Comments on Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out

A HomeKit vulnerability in the current version of iOS 11.2 has been

demonstrated which won’t be describe in detaild and was difficult to

reproduce, allowed unauthorized control of HomeKit-connected accessories

including smart lights, thermostats, and plugs. The most serious

ramification of this vulnerability prior to the fix is unauthorized remote

control of smart locks and […]


														
							

A HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated which won’t be describe in detaild and was difficult to reproduce, allowed unauthorized control of HomeKit-connected accessories including smart lights, thermostats, and plugs.

The most serious ramification of this vulnerability prior to the fix is unauthorized remote control of smart locks and connected garage door openers, the former of which was demonstrated to 9to5Mac.

The issue was not with smart home products individually but instead with the HomeKit framework itself that connects products from various companies.

The vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple’s mobile operating system, connected to the HomeKit user’s iCloud account; earlier versions of iOS were not affected.

Once this vulnerability has been patched, we’ll be comfortable with trusting HomeKit security solutions to remain protected, but you can always use an old fashioned lock and key or install security cameras as a double measure.

Source

Google
Nisheeth Bhakuni