Zero-day iOS HomeKit vulnerability exposed smart locks to unauthorized access

Apple’s HomeKit framework has a vulnerability that allows unauthorized access to connected smart devices like locks and garage door openers.

Apple has already deployed a server-side fix that rectifies the issue, but the fix also disables remote access for shared users. Apple says that the reduced functionality will be restored with an iOS 11.2 update next week.

The most serious ramification of this vulnerability prior to the fix was unauthorized remote control of smart locks and connected garage door openers.

The vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple’s mobile operating system, connected to the HomeKit user’s iCloud account; earlier versions of iOS were not affected.

Because the server-side fix has already been implemented, users do not need to take any additional steps to secure their smart products. Just be sure to install the iOS update when it's released in order to restore the functionality that the fix disabled.

 
