Security researcher shares HomeKit security bug

Published
Advertisements

A vulnerability in HomeKit has recently been discovered, and one that involves long device names.

HomeKit

Trevor Spiniolas shared a vulnerability in iOS HomeKit to Apple August 2021, particularly an incident where a device name has a ‘long string’, or around 500,000 characters. When this happens, iPadOS and iOS devices can be rendered unusable and rebooted. Furthermore, when the long name is put on iCloud and across other iOS devices, the bug can reappear.

Spiniolas named the vulnerability ‘doorLock’, and mentioned that the bug affects iOS 14.7 and newer through testing. While iOS 15 and 15.1 put a limit on the name, the device could still receive an update from previous versions and might still be affected if it has HomeKit data.

Updating to a newer version or rebooting is not known to resolve the issue. Spiniolas also says that an attacker could send Home invitations and infect the device with the ‘doorLock’ bug even if they don’t have a HomeKit device.

Advertisements

Samantha Wiley

Samantha is a senior news editor at iLounge. She has been covering the technology industry for over five years, writing about Apple, Google, and other major companies. Samantha has also worked as a reporter and editor for several other publications.