IOS HomeKit bug makes smart locks vulnerable

Friday, 08 Dec, 2017

9to5Mac reports that Apple's Homekit has a vulnerability which would allow hackers to unlock your smart-lock-equipped doors, switch your thermostat on and off or mess in any way they wanted with your smart home.

We also understand that Apple was informed about this and related vulnerabilities in late October, and some but not all issues were fixed as part of iOS 11.2 and watchOS 4.2 which were released this week.

Apple Inc. has patched a serious vulnerability in its HomeKit smart home software framework that could allow malicious actors to hijack and control any device connected using the platform.

Since Apple has already pushed a server-side fix, users do not need to take any additional steps to secure their smart products.

The disclosure of another bad security flaw comes at a awful time for Apple.

The company has addressed the issue and already put a fix in place to rectify the bug, but this also disables the remote access to shared users.

In a comment to 9to5Mac, Apple said "the issue affecting HomeKit users running iOS 11.2 has been fixed".

Although the exact nature of the bug hasn't been disclosed, it sounds far more finnicky than the macOS High Sierra root bug. The exploit required an iPhone or iPad iOS 11.2, while connected to a user's iCloud account.