Apple on Wednesday patched a security flaw that allowed iPhones, iPads and iPods to be remotely locked through a bug in the HomeKit home automation system. Using the flaw, called doorLock, attackers could force the devices into an endless loop of reboots that could only be resolved by resetting them to factory settings.
The flaw was found by researcher Trevor Spiniolas and involves HomeKit’s device authorization system. In the attack, a device name could be changed to a string of around 500,000 characters; if the request was accepted, a name of that size would exhaust iOS resources and cause the device to crash. When the device restarted, however, the same name was processed again, producing an endless cycle of crashes.
All devices running HomeKit were subject to exploitation, and the iOS and iPadOS 15.2.1 updates address the issue. The update is available for devices from the iPhone 6s onward, as well as several generations of the iPad, including the Pro, mini and Air 2, and the seventh-generation iPod touch. The flaw is considered critical.
Spiniolas, however, pointed out that he discovered and reported the flaw to Apple in August of last year, and that the release of the update was delayed several times. The researcher stated that the company handled doorLock improperly, only now applying proper validation of device names so that the flaw could not be exploited by third parties.
The researcher published the details of the flaw, along with a proof of concept, on January 1, after the responsible-disclosure deadlines passed without a fix. Now, 11 days later, comes the official update from Apple, which credited the researcher but said nothing more about the issue.
How to prevent iPhone and iPad from crashing
While it did not result in account compromises or data leaks, the flaw was significant in that it required a factory reset to unlock the devices. Even recovery after that could bring the problem back: when restoring an iCloud backup, the user could also restore the HomeKit settings, and with them the malicious name that caused it all.
Before the update, the only way to reverse the process was to access the HomeKit profile from an unaffected device and remove the rogue device. In addition, the general recommendation is for users to be careful with the authorizations they grant in the automation system, allowing only connections with known and trusted systems.
Finally, it is always important to keep devices, operating systems and applications on the latest versions. Applying updates helps protect against known flaws such as doorLock, especially when a proof of concept is publicly available and can be used in attacks that rely on users neglecting to install updates.