Apple devices exposed. A vulnerability in iOS that uses HomeKit as an attack vector involving very long device names, has been disclosed after a researcher disclosed it to Apple in August 2021.
As with its other products, Apple is keen on keeping HomeKit as secure as possible for its users. In a disclosure published on January 1, it seems that there is a bug in the smart home platform that could cause problems for its users.
HomeKit was introduced in iOS 8 back in 2014 as a way to control smart home devices from your iPhone from apps or Siri. One of the big benefits is the setup process, where you can just scan the HomeKit code printed on the device and your iPhone will immediately recognize it and set it up.
HomeKit has evolved since then, including the addition of the Home app, which gives you a central place on your iPhone to control everything in your house.
There are a ton of popular smart home products that still don’t support HomeKit, including the Nest Thermostat and Belkin WeMo line, which is some of the most recognizable smart home products on the market.
Security Researcher Trevor Spiniolas has called the bug “doorLock,” and claims it affects all iOS versions from iOS 14.7 onwards under testing, though it is likely to also exist on all iOS 14 versions too.
Furthermore, while an update in iOS 15.0 or 15.1 imposed a limit on the length of a name that an app or a user could set, the name can still be updated by previous iOS versions. If the bug is triggered on an iOS version without the limit and shares HomeKit data, all devices it shares the data with will be affected as well, regardless of version.
Some people are of the belief that their Social Security Number (SSN) is the most valuable number. In reality, your mobile phone number is even more valuable to hackers and scammers.
Take the recent data breaches as an example. Scammers can use the breach data to SIM Swap your number and become you. Once the scammer and hackers have control of your number it is a matter of minutes to hours before they reak havoc on your entire life. These scammers and hackers, now that they control your number, can gain access and steal all your bank accounts, crypto, social media, and other accounts. We take for granted how much our mobile controls in our lives.
It is time you protect yourself today and get SAFE secured.