Apple fixes HomeKit bug that allowed remote unlocking of users' doors

Security flaw in latest iPhone and iPad iOS 11.2 software meant hackers could potentially gain remote control of lights, cameras and locks in smart homes

Apple has been forced to fix a security hole within its HomeKit smart home system that could have allowed hackers to unlock users’ smart locks or other devices.

The bug within iOS 11.2 permitted unauthorised remote control of HomeKit-enabled devices. Such devices include smart lights, plugs and other gadgets, but also includes smart locks and garage door openers.

An Apple spokesperson said: “The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”

The company said the temporary fixed was made server side, meaning that users do not have to do anything for it to take effect, but also that it breaks some functionality of the system.

The vulnerability, disclosed to 9to5Mac, required at least one iPad, iPhone or iPod Touch running the latest software version iOS 11.2 to have connected to the iCloud account associated with the HomeKit system. Previous versions of iOS appear not to have been affected. To exploit the bug the attackers would need to know the email address associated with the Apple ID of the homeowner and knowledge of how the system worked.

Experts said that while issues with smart-home systems such as this impact consumer confidence in smart locks and other security devices, traditional locks can also be easily undermined with traditional picking techniques.

The security bug is just the latest in a series of issues affecting Apple’s software on both its iPhone and Mac computers. Since November, iPhone and iPad users have been plagued with bugs affecting the autocorrect system, including issues typing the word “it” and the letter “I”, having it replaced with odd symbols.

Apple was also forced to apologise after a serious security flaw that allowed anyone to take control of a Mac running the latest version of macOS High Sierra with a blank password was revealed. The company rushed out a fix for the security bug, which then broke the file sharing system, which itself needed fixing in a later software update.

“We greatly regret this error and we apologise to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better,” Apple said at the time.

Contributor

Samuel Gibbs

The GuardianTramp

Related Content

Article image
Your iPhone's password demands aren't just annoying. They're a security flaw
A developer has warned it is possible to create a phishing attack based on a fake sign-in request for Apple ID credentials

Alex Hern

12, Oct, 2017 @11:17 AM

Article image
iOS 12: everything you need to know about new iPhone features
Apple has unveiled its new OS for its smartphones and tablets. What does it mean for notifications, privacy and emoji?

Samuel Gibbs

05, Jun, 2018 @11:17 AM

Article image
Apple faces lawsuit over storage space on iPhones and iPads
Firm failed to tell consumers that iOS 8 software could take up as much as 23.1% of advertised storage capacity, claims lawyer

Samuel Gibbs

02, Jan, 2015 @5:48 PM

Article image
Apple blocking ads that follow users around web is 'sabotage', says industry
New iOS 11 and macOS High Sierra will stop ads following Safari users, prompting open letter claiming Apple is destroying internet’s economic model

Alex Hern

18, Sep, 2017 @12:34 PM

Article image
iOS 10 brings bigger emojis, better Siri and facial recognition to iPhone
Apple launch new version of iPad and iPhone operating system, including redesigned Apple Music, internet of things Home app, and new Apple Watch OS

Samuel Gibbs

14, Jun, 2016 @9:15 AM

Article image
iOS 15 release: everything you need to know about Apple’s big update
Free software upgrades for iPhone, iPad and Watch improve notifications, Safari, FaceTime and more due for release

Samuel Gibbs Consumer technology editor

20, Sep, 2021 @10:43 AM

Article image
WWDC 2019: Apple unveils new iOS, iPad OS, macOS and Mac Pro
The iTunes app is dead, your iPhone will be faster and the $5,999 Mac Pro becomes firm’s most expensive computer

Samuel Gibbs

03, Jun, 2019 @7:45 PM

Article image
Apple publishes recovery instructions for bug that crashes iOS devices
iMessage issue solved by asking Siri to read and reply to unread messages – but it’s only a temporary fix in advance of full software update

Stuart Dredge

29, May, 2015 @4:26 AM

Article image
Apple releases newest version of Mac OS, Yosemite, for download
New operating system released alongside iOS 8.1, restoring the Camera Roll to iOS devices and introducing iCloud Drive. By Alex Hern, Samuel Gibbs and Max Miller

Samuel Gibbs in Berlin and Alex Hern and Max Miller in London

16, Oct, 2014 @5:56 PM

Article image
Take that, FBI: Apple goes all in on encryption
Apple’s newest encryption tool better secures files on all its devices, just the latest in a move to widespread encryption in the tech industry

Nathaniel Mott in New York

15, Jun, 2016 @10:42 AM