
Apple Fixes HomeKit Flaw That Allowed Unauthorized Smart Lock Access

A zero-day HomeKit vulnerability in iOS 11.2


Apple is reportedly rolling out a server-side fix for a critical, zero-day HomeKit vulnerability in iOS 11.2 that allowed unauthorized access to smart devices and accessories.

The vulnerability was first demonstrated to Apple news site 9to5Mac, and the flaw could have potentially allowed attackers to gain remote, unauthorized control of a slew of HomeKit-enabled smart devices — including smart locks and smart garage door openers.

Currently, no information on the vulnerability itself has been given, but the news outlet reported that it was difficult to reproduce. It reportedly required at least one iOS device running iOS 11.2 connected to a user’s iCloud account.

The implications of the vulnerability are extremely worrying, with the obvious concern being the ability for attackers to remotely open a smart lock or garage door and gain access to someone’s house without a physical key. This portion of the vulnerability was specifically demonstrated first-hand to 9to5Mac, the publication wrote.

As of Thursday, Apple has told the outlet that it is rolling out a server-side fix for the issue. As such, users will need to take no immediate action to patch the vulnerability and protect their security.

On the other hand, Apple’s server-side fix will apparently limit certain HomeKit functionality — namely disabling remote access for shared users. Full functionality will be restored in an upcoming update to iOS 11.2 next week, Apple said.

“The issue affecting HomeKit users running iOS 11.2 has been fixed,” Apple said in a statement. “The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”

Reports seem to indicate that Apple has been aware of this and similar HomeKit vulnerabilities since late October, but certain issues were not addressed as of iOS 11.2 and watchOS 4.2. That means, presumably, that the flaw was live for several weeks in current versions of iOS and watchOS before being addressed.

Apple was apparently able to fix the issue on its servers because it affected the HomeKit framework, rather than individual HomeKit systems or supported smart products.




Stephen Turner, the Director of Operations for predictiveIT, has spent the past 22 years involved in the technology realm and security. Stephen began his career in the United States Marine Corps as a Crypto Technician, before moving into the private sector. He has worked in all facets of the Information Technology world, including administration, security, consulting and project management, and has served as a Director of Cyber Security and as a Chief Information Officer for a nationwide organization, where he was responsible for architecting the security infrastructure during the migration of the organization’s entire data center to the “cloud”. Stephen has trained as a Certified Ethical Hacker, Certified Information Systems Security Professional and as a Red Hat Certified Architect with a focus on Linux security.
