Saintel Daily

If it Happened | We Covered it

An iOS Vulnerability is Allowing Unauthorized Access to Smart Devices

apple logo
A vulnerability found in iOS is allowing unauthorized access to smart devices - like locks, for example. Why do these things keep happening with Apple?

apple homekit

It’s not looking good for Apple.  I mean, it’s not a large-scale scandal, but they keep finding themselves with security issues.  This time, there was a vulnerability in iOS 11.2 related to HomeKit.  Now, this isn’t the first security issue we’ve seen with Apple, and it makes you wonder what’s going on with their engineers.  While I am not sure that we will get an answer to that, they certainly are being sloppy lately.  Getting back to HomeKit. The issue allowed unauthorized access to smart devices, such as locks, security cameras, and garage doors.  How is this happening exactly?  In order for your device to be vulnerable, the following conditions have to exist:

  • You are using iOS 11.2 on one of your devices, and;
  • That device is connected to your HomeKit’s Cloud account

Even though Apple has created a fix that will prevent unauthorized access, I see this becoming a pattern. As I said – the vulnerability allowed unauthorized control of HomeKit connected accessories.  The most serious ramification of this vulnerability prior to the fix is unauthorized remote control of smart locks and connected garage door openers.  This vulnerability has nothing to do with the smart home accessories themselves, but the issue was with Apple’s HomeKit framework.  The fix is already being administered to users, which means they will not have to take any additional steps in order to protect themselves.  But it’s scary that this is happening, regardless.

homekit accessories

I should note – the “fix” is a temporary one.  There will be another update next week, which should get things back to normal with HomeKit.  At least that’s what they’re saying.  Normally, I wouldn’t have any issues with Apple in this regard, but lately, they’ve just been sloppy.  Which makes me wonder if the update is actually going to fix the problem? As I said, the fix is temporary, which means users will have limited functionality until the update is available.  This doesn’t really look good on Apple.

These kinds of vulnerabilities can be extremely serious.  That said, don’t throw away your smart home or your connected devices just because of this.  Bugs are a part of the software development process and they happen all the time.  Perhaps Apple should be more proactive in their assessment of their software.  That would have prevented this from happening.  But maybe I’m being too hard on Apple? If this was the only security issue that they have had, then this wouldn’t be such a big deal for me.  But this is not.  It’s the second or even third in a matter of weeks.

With the macOS issue, unauthorized users could log into your Mac and do whatever they wanted. The bug was fixed quickly.  However, the fact that it happened in the first place is troublesome.  Maybe I’m too hard on Apple, but why can’t they get it together?  Another issue with iOS 11 – is the “i” issue.  When people would type “i”, it became A[?].  While that isn’t a security issue, it’s extremely annoying and shouldn’t happen when you pay $1,000 for a device.  And now this.  What will be next?  I want to suggest that the answer to that should be nothing, but like I said – bugs are inevitable.  Let’s hope that they’re minor at least.

%d bloggers like this: