iPhones and other devices running Apple's iOS software are vulnerable to a recently discovered denial of service vulnerability known as "doorLock," as reported by TechRadar, however, Apple does not appear to be interested in resolving it.
Weakness in Apple's HomeKit system has been discovered, which may render a user's iPhone or anybody else with access to their Apple Home setup to be more prone to being unusable.
The bug was discovered by security researcher Trevor Spiniolas, who said in a blog post that the issue arises when the name of a HomeKit device is modified to something longer than 500,000 characters long.
iPhone HomeKit Bug
The bug that was founded by security researcher Trevor Spiniolas affects Apple HomeKit on iOS versions 14.7 through 15.2. HomeKit is a software platform that allows users to create smart home apps.
Spiniolas presented the weakness in a YouTube video, demonstrating that all an attacker needs to do is modify the name of a HomeKit device to something with more than 500,000 characters to trigger the flaw.
According to Spiniolas' blog post, the flaw was first reported to Apple on August 10th and is still present in iOS 15.2. The corporation allegedly pledged to fix the problem via a security update before 2022, but it never followed through. Apple has stated that it will reconsider the issue in "early 2022," but Spiniolas is taking matters into his own hands and releasing the information publicly in the meanwhile.
Impact of iPhone HomeKit Bug
It all comes down to whether or not a user has Control Center activated for Home devices. When a user has access to Home devices, as Spiniolas points out, the default action is to enable them in Control Center.
Here is how users are affected by iPhone HomeKit Bug according to National Cyber Security News Today.
Here's what happens if the devices in Control Center don't have Home devices enabled:
When users activate the Home app, it will become utterly unusable. The problem is not solved by rebooting or updating the device. The Home app will become inoperable again if the device is recovered but then signed back into the previously utilized iCloud.
Furthermore, if users have Home devices enabled in Control Center on their devices, users will experience the following:
iOS will stop responding. All input to the device is ignored or delayed greatly, and it is unable to communicate meaningfully through USB. If the user restores their device and logs back into the previously used iCloud account associated with the data, the problem will be reactivated with the same results as before.
How To Protect Yourself From iPhone HomeKit Bug
It's important to note that the problem can only be used by someone who has access to your 'Home' or who accepts an invitation to one manually.
However, because there is no effective way to restore access to local data after 'doorLock' has been triggered, users should concentrate their efforts on prevention.
Users are advised to be wary of unsolicited invitations from email accounts that seem like Apple services or HomeKit items. If the harm has already been done, users can restore their data from the iCloud by following these three steps, as recommended by Bleeping Computer:
Restore the device from Recovery or DFU Mode if necessary.
Set up the device normally, but do not login into the user's iCloud account.
After a user completed the setup, go to settings and sign in to iCloud. Disable the switch labeled "Home" immediately after doing so. The device and iCloud should now function normally without access to Home data.
Apple's latest estimate for addressing the bug is early 2022, and it will be done through a future security update.