A security researcher has disclosed a bug in iOS, which leverages HomeKit as an attacking vector to make the device useless ultimately.
Named as “doorLock”, the researcher said renaming any HomeKit device to a long (string) can trigger an unwanted reboot, making it useless. This was notified to Apple, to which the company is delaying a fix, prompting the researcher to disclose it eventually.
Bug in Apple’s HomeKit
To connect and control the smart home appliances, Apple’s way is through HomeKit – a dedicated platform to manage all the connected devices. This used the Home app support in iOS and iPad OS and does its operations.
Yesterday, a security researcher named Trevor Spiniolas has shared details on a bug that can make an iPhone or an iPad utterly useless! As per him, the Home app bug using the HomeKit in iOS 14.7 and later can trigger system reboots, when exploited by a hacker.
Four months ago I discovered and reported a serious denial of service bug in iOS that still remains in the latest release. It persists through reboots and can trigger after restores under certain conditions. https://t.co/SAFbqyZdxY — Trevor Spiniolas (@TrevorSpiniolas) January 1, 2022
