iPhone HomeKit Bug Causes Major Crash Issues: Is There a Fix?

Security researcher Trevor Spiniolas discovered an iPhone HomeKit bug affecting iPhone and other Apple product users. The bug affects Apple HomeKit on iOS versions 14.7 through 15.2.

iPhones and other devices running Apple's iOS software are vulnerable to a recently discovered denial-of-service vulnerability known as "doorLock," as reported by TechRadar. However, Apple does not appear to be interested in resolving it.

HomeKit issue

A weakness has been discovered in Apple's HomeKit system that may render unusable the iPhone of a user, or of anybody else with access to their Apple Home setup.

The bug was discovered by security researcher Trevor Spiniolas, who said in a blog post that the issue arises when the name of a HomeKit device is changed to something longer than 500,000 characters.

iPhone HomeKit Bug

The bug found by security researcher Trevor Spiniolas affects Apple HomeKit on iOS versions 14.7 through 15.2. HomeKit is a software platform that allows users to create smart home apps.

Spiniolas presented the weakness in a YouTube video, demonstrating that all an attacker needs to do is modify the name of a HomeKit device to something with more than 500,000 characters to trigger the flaw.

According to Spiniolas' blog post, the flaw was first reported to Apple on August 10th and is still present in iOS 15.2. The corporation allegedly pledged to fix the problem via a security update before 2022, but it never followed through. Apple has stated that it will reconsider the issue in "early 2022," but Spiniolas is taking matters into his own hands and releasing the information publicly in the meantime.

Impact of iPhone HomeKit Bug

It all comes down to whether or not a user has Control Center activated for Home devices. When a user has access to Home devices, as Spiniolas points out, the default action is to enable them in Control Center.

Here is how users are affected by the iPhone HomeKit bug, according to National Cyber Security News Today.

Here's what happens if the device does not have Home devices enabled in Control Center:

When users activate the Home app, it will become utterly unusable. The problem is not solved by rebooting or updating the device. The Home app will become inoperable again if the device is restored but then signed back into the previously used iCloud account.

Furthermore, if users have Home devices enabled in Control Center on their devices, they will experience the following:

iOS will stop responding. All input to the device is ignored or delayed greatly, and it is unable to communicate meaningfully through USB. If the user restores their device and logs back into the previously used iCloud account associated with the data, the problem will be reactivated with the same results as before.


How To Protect Yourself From iPhone HomeKit Bug

It's important to note that the bug can only be exploited by someone who has access to your 'Home', or through an invitation to one that is accepted manually.

However, because there is no effective way to restore access to local data after 'doorLock' has been triggered, users should concentrate their efforts on prevention.

Users are advised to be wary of unsolicited invitations from email addresses that resemble Apple services or HomeKit products. If the harm has already been done, users can restore their data from iCloud by following these three steps, as recommended by Bleeping Computer:

  • Restore the device from Recovery or DFU Mode if necessary.

  • Set up the device normally, but do not log in to the user's iCloud account.

  • After completing the setup, go to Settings and sign in to iCloud. Disable the switch labeled "Home" immediately after doing so. The device and iCloud should now function normally without access to Home data.

Apple's latest estimate for addressing the bug is early 2022, and it will be done through a future security update.


© 2022 iTech Post All rights reserved. Do not reproduce without permission.
