A new HomeKit zero-day bug lets attackers remotely access and control your smart home devices. It’s an iOS 11.2 bug that Apple has already fixed via a server patch, and an update to iOS 11.2 will come next week that fixes the other end of the bug on iOS devices (via 9To5Mac).
Smart Home Hack
According to 9To5Mac, the site that first broke the story, the vulnerability is hard to recreate. Full details haven’t been disclosed, presumably for security reasons. The problem isn’t with any individual smart home device, but with the HomeKit protocol itself.
It’s a hole in the software that lets any outside party control HomeKit accessories, which can range from lights to door locks. The bug requires at least one iPhone or iPad running iOS 11.2, connected to a person’s iCloud account. Earlier versions of iOS aren’t affected.
Apple released a brief statement, which says:
“The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”
Apple customers don’t need to take any action right now. Apple has already fixed the issue on its end, and next week users can get a software update that fixes the bug on their end.