Apple Fix for HomeKit Vulnerability: Impacts on Smart Locks and Other Devices
A recent iOS security flaw has left devices open to unauthorized access by third parties. According to Apple, it has quickly issued a fix for this security bug, with a full solution due out in the next week. The bug has reportedly been able to open devices and made it possible for outside users to access smart locks as well as garage doors and other HomeKit functionality.
This security flaw meant that hackers could have had the potential to gain remote control access to a variety of household devices, including lights, locks, and cameras in so-called “smart homes” that use Apple’s HomeKit.
Apple has confirmed the presence of the security bug, and was affecting devices that use Apple’s HomeKit service and run on iOS 11.2. Additionally, they have announced that the problem has been resolved. The fix that has been issued will temporarily disable remote access for shared users. This can later be restored using the software update due out early next week.
It appears that the fix is a server-side update for now. This means that for the fix to take effect, end-users will not need to update anything on their side. Unfortunately for users running iOS 11.2, this means they will not have the full functionality of their standard remote HomeKit. However, this situation is only temporary as Apple is set to roll out a more permanent solution next week. In order to restore the full functionality of the HomeKit services, users will need to update their device to the latest iOS version upon its release.
According to 9to5Mac, Apple was made aware of the security issue in October which was accompanied by other vulnerabilities in the HomeKit functionality. Apple addressed some of these issues in their iOS 11.2 update of the operating system, with the remainder of the issues addressed on the server’s side.
The initial report issued by Apple does not detail too many of the specifics relating to the exploit. It was only noted that the vulnerable situation would require at least a single device (that is, an iPhone or an iPad) that runs on the latest operating system from Apple, iOS 11.2, as well as the device would need to be connected to the iCloud account of a HomeKit user. It seems to be a rather difficult situation to replicate as it does not affect any of the earlier versions of the Apple operating system.
This does, however, highlight some concerns with regards to the functionality of the smart home system, especially since users are connecting more and more devices to this electronic ecosystem with the popularity of functions such as HomeKit, Alexa, and Assistant.
How are bugs affecting the overall development of software?
Bugs are an expected part of software development which keeps developers on their toes to always be ready for a fix if something goes wrong. In recent weeks, Apple has had to rush in to issue a fix for a few prominent bugs on both iOS and macOS. Just as they have patched those bugs up with minimal end-user inconvenience, so they have handled the latest HomeKit bug.
Since HomeKit was launched in 2014, it has undergone a variety of major improvements. It has thus, become increasingly popular amongst users as the user-base has steadily grown with the integration of a variety of products around the home. Plus, it incorporates Siri, making it enabled to work with voice commands. Numerous manufacturers have accepted HomeKit with open arms and have incorporated it into products such as lights, switches, outlets, thermostats, fans, window coverings, sensors, locks, cameras and openers for garage doors. Companies such Kwikset, Friday, August, Koogeek, Yale and, Schlage all produce smart-locks that are enabled with HomeKit functionality and can be controlled using Siri voice commands together with other HomeKit apps.
Apple has addressed the situation in a timely manner, issuing this temporary fix while they work on a more stable and permanent fix.