Published in News

Apple’s HomeKit vulnerable

by on04 January 2022

Hackers can take over your home

The software genii at the fruity cargo-cult Apple have penned some natty code which allows a hacker to take a fanboy’s “smart” home.

Security researcher Trevor Spiniolas has discovered something he called a vulnerability which is clearly a feature unavailable on Android or Window’s devices.

He said it is capable of locking iOS devices into a spiral of freezing, crashing, and rebooting if a user connects to a sabotaged Apple Home device.

The vulnerability can be exploited through Apple's HomeKit API, the software interface that allows an iOS app to control compatible smart home devices.

All the hacker must do is create a HomeKit device with an extremely long name -- around 500,000 characters -- then an iOS device that connects to it will become unresponsive once it reads the device name and enter a cycle of freezing and rebooting that can only be ended by wiping and restoring the iOS device.

Spiniolas said that to make matters worse HomeKit device names are backed up to iCloud, signing in to the same iCloud account with a restored device will trigger the crash again, with the cycle continuing until the device owner switches off the option to sync Home devices from iCloud.

Though it's possible that an attacker could compromise a user's existing HomeKit-enabled device, the most likely way the exploit would be triggered is if the attacker created a spoof Home network and tricked a user into joining via a phishing email.

There are three work arounds for the Apple fanboy. They can reject any invitations to join an unfamiliar Home network and disable the setting "Show Home Controls." (This won't prevent Home devices from being used but limits which information is accessible through the Control Centre). However, the best work around, which will also save you money in the long term, is to buy computer with better software.


Last modified on 04 January 2022
Rate this item
(0 votes)

Read more about: