Skip to main content

Zero-day security flaw hits Apple HomeKit products

(Image credit: Image Credit: / Pexels)

A vulnerability has been discovered in the latest version of iOS that allows unauthorised users to access Apple's HomeKit and control a number of connected devices such as smart garage door openers and even smart locks.

Despite being considerably difficult to reproduce, the vulnerability did allow some users to bypass security checks and take control of a wide range of HomeKit connected accessories such as wall plugs, smart lights and thermostats.  However, other more security-focused smart devices were also accessible which could be be utilised to grant an unauthorised person access to a HomeKit users' home. 

Often times the issue stems from smart devices not being secured properly and security experts continue to highlight the potential security threat that these devices could pose to their owners.  However, this time that was not the case and the issue was instead with HomeKit's own framework. 

For the vulnerability to be exploited, a user would need at least one iPhone or iPad running iOS 11.2 and would have to be connected to the HomeKit user's iCloud account.   

Apple first heard of vulnerability at the end of October and the latest updates to iOS and watchOS have been able to fix some of the issues.  The company addressed the remaining issues through a server-side update on its end and HomeKit users did not have to take any action to apply the fix. 

With any new technology released, there will be bugs and hang ups as developers try to iron out any mistakes. So the question is then, is a home with smart functionality worth the risk now or would you rather wait for it to mature before this emerging technology? 

Image Credit: / Pexels

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.