Security gap at Apple: Homekit bug can paralyze the iPhone

If you use Apple HomeKit, you should be careful at the moment, because a security hole is currently causing a stir. A bug in HomeKit can leave your iPhones and iPads unusable. The problems with the so-called “DoorLock” bug do not end there, however: the error has been known since August 2021 and has now been published by the security researcher Trevor Spiniolas himself.


  • A security hole in Apple’s HomeKit is currently causing a stir.
  • An error triggered by an overly long character string can render iPhones and iPads unusable.
  • Apple plans an update for the beginning of the year.

With Apple's HomeKit, a lot can be controlled without any problems. However, a security vulnerability has now been published that mainly affects devices running iOS 14.7 or higher. Spiniolas found that device names consisting of a very long string cause an error that makes the devices unusable. His tests showed that a sequence of around 500,000 characters paralyzes devices that load it from the HomeKit API. Restarting the devices then no longer helps; they have to be completely reset, which results in the loss of personal data.

With iOS 15.0 a limit on the length of the character string was introduced, but devices running iOS 15.2 also seem to be affected. If a device with an older operating system writes the long character string via the HomeKit API, it is quite possible that newer devices will load this string and then stop working.
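
The paragraph above describes a length limit that only applies where names are written. The following Python sketch is an added example, not code from Apple or the researcher; it models why such a limit does not protect devices that read synced data, and why the reader has to bound the name itself. The class and function names and the 256-character limit are assumptions made for illustration.

```python
# Added illustration: a toy model of synced home data, not Apple's code.
MAX_NAME_LEN = 256          # assumed limit, chosen for this example
OVERSIZED = "A" * 500_000   # constructed input; size taken from the article


class SharedHome:
    """Stands in for the home data that every connected device syncs."""
    def __init__(self):
        self.device_name = "Front door"


def legacy_write(home, name):
    """Older client: stores whatever name it is given."""
    home.device_name = name


def patched_write(home, name):
    """Newer client: refuses over-long names, but only on its own writes."""
    if len(name) > MAX_NAME_LEN:
        raise ValueError("device name too long")
    home.device_name = name


def naive_load(home):
    """Reader that trusts synced data because writes are 'limited'."""
    return home.device_name


def hardened_load(home):
    """Reader that treats synced data as untrusted and bounds it before use."""
    name = home.device_name
    if not isinstance(name, str):
        return "(invalid name)"
    if len(name) > MAX_NAME_LEN:
        # Truncate rather than reject so the record stays visible and fixable.
        return name[:MAX_NAME_LEN - 1] + "…"
    return name


def simulate():
    home = SharedHome()
    try:
        patched_write(home, OVERSIZED)
        blocked = False
    except ValueError:
        blocked = True
    legacy_write(home, OVERSIZED)   # an older device on the same home
    return blocked, len(naive_load(home)), len(hardened_load(home))
```

The patched writer rejects the name, yet the naive reader still receives all 500,000 characters once the legacy client has written them; only the hardened reader hands a bounded string to the rest of the application.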

All iOS versions released from iOS 14.7 have been tested, and the vulnerability exists on all versions. Devices used during testing include an iPhone 7 (iOS 15.2-14.7), an iPad 6 (iOS 15.0 beta and iOS 14.7), and an iPhone XS (iOS 14.7.1 & 14.7). While untested, it is likely that the bug exists on all versions of iOS 14. Source: Trevor Spiniolas

Apple plans to fix the bug at the beginning of the year

If an iOS device name is changed, it is downloaded and updated by all connected devices; this is what triggers the error in the first place, and the devices stop working. If the devices are not connected via the Home data, only the Home app stops working. It is up to you whether you want to disconnect your Home data until the error has been rectified.

In addition to the loss of functionality, there is another danger associated with this security gap. If attackers try to use ransomware to send the data to devices, devices with iOS 14.7, for example, could be rendered unusable by third parties. As a result, you would lose all personal data that has not been backed up, without any action on your part.

I then informed them on December 9th that I planned to publicly disclose this information on January 1st, 2022. I believe this bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix. Source: Trevor Spiniolas

The security researcher found the bug back in August 2021. Apple has not really responded to it since then, which is why Spiniolas decided to go public himself. He says the error poses a serious risk to users and that this is why he wanted to publish it.

What do you think of the vulnerability? Is it a serious threat or much ado about nothing? Let us know in the comments!

Via: Golem
Source: Trevor Spiniolas
