Security researchers find Apple HomeKit vulnerability
As early as the beginning of this month, some developers found a serious flaw in HomeKit that allowed anyone to control devices on the network without authorization. Unfortunately, after more than half a month, Apple still has not fully solved this problem. It is understood that a developer named Khaos Tian found the problem as early as October 28 and reported it to Apple’s product safety team on October 29.
Although Apple promised in a reply that they would investigate throughout November, the developer has since sent a number of e-mails but received no reply.
However, with the arrival of the new version, iOS 11.2, Khaos Tian was disappointed to find that although Apple did fix some of the issues mentioned in the report, it made the attack a breeze.
The developer said the vulnerability in HomeKit now comes down to two problems. First, although in theory no one can find a HomeKit device's unique ID, two separate bugs allow an attacker to find it without any authorization. Second, if an unauthorized person sends a command to a HomeKit appliance, HomeKit does not verify it and simply passes the command along.
If you are starting to use HomeKit appliances in your home, this problem can get serious, as more homes are using smart locks. Once a smart lock is involved, it is very dangerous. However, Khaos Tian complained that, in fact, the biggest danger is that Apple’s response has been too slow this time.
We might see a complete fix for the problem in the next version – who knows? Perhaps the bug will not cause a serious impact in the end, but Apple is more focused.
Reference: The Verge