An iOS 11.2 Vulnerability Allows Unauthorized Access To HomeKit Devices, As Server-Side Fix Has Rolled Out

According to 9to5Mac, a HomeKit vulnerability found in iOS 11.2 that allowed unauthorized access to HomeKit accessories that included smart locks has been fixed by Apple. As they rolled out a server-side fix disabled remote access for shared user while also limiting some functionality.
 

In order to restore full functionality, an update to iOS 11.2 coming next week will able to reintroduce that feature. Though the vulnerability impacted all HomeKit devices, it is of particular interest to HomeKit users with smart locks and other HomeKit-enabled devices that allow access to the home - someone may gain entry to a dwelling without a physical key.

Apple was first informed about the security issue and other related HomeKit vulnerabilities in October. Some of the problems were addressed in iOS 11.2 and watchOS 4.2, while the rest were fixed server side, reports 9to5Mac.

"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week."

HomeKit - first launched in 2014, has seen many major improvements its adoption has grown steadily. Majority manufacturers have now embraced HomeKit, and there are HomeKit lights, outlets, switches, thermostats, window coverings, fans, sensors, cameras, locks, and garage door openers.

Via MacRumors, Image Credit 9to5Mac

Post a Comment

Previous Post Next Post