A new persistent denial of service vulnerability named ‘doorLock’ was discovered in Apple HomeKit, affecting iOS 14.7 through 15.2.
Apple HomeKit is a software framework that lets iPhone and iPad users control smart home appliances from their devices.
The security researcher Trevor Spiniolas publicly disclosed the details and according to him Apple has known about the flaw since August 10, 2021. However, despite the repeated promises to fix it, Apple has pushed the security update further, and it remains unresolved.
In order to trigger ‘doorLock,’ an attacker would change the name of a HomeKit device to a string larger than 500,000 characters.
Spinolas has released a proof-of-concept exploit in the form of an iOS app that has access to Home data and can change HomeKit device names.
Even if the target user doesn’t have any Home devices added on HomeKit, there is still an attack pathway by forging and accepting an invitation to add one.
While trying to load the large string, a device running a vulnerable iOS version will be pushed into a denial of service (DoS) state, and has to be reset to get out of it. However, while resetting the device all stored data will be removed and can be recovered only if you have a backup.
When the device reboots and the user signs back into the iCloud account linked to the HomeKit device, the bug will still be re-triggered.
The researcher states that this attack could be used as a ransomware vector, locking iOS devices into an unusable state and demanding a ransom payment to set the HomeKit device back to a safe string length.
It is possible that the bug can only be exploited by someone who has access to your ‘Home’ or via manually accepting an invitation to one.
It is possible to avoid the exploitation of this issue by disabling Home devices in Control Center. The users must beware of suspicious invitation messages from email addresses that resemble Apple services or HomeKit products.
In order to regain normal access to the iCloud account linked to the data, perform the following steps:
The researcher states that Apple’s latest estimate for fixing the bug is for “early 2022,” which will be done through an upcoming security update.
Image Credits : SecNews
The post Apple iOS vulnerable to HomeKit doorLock bug first appeared on Cybersafe News.
Write a AI detection pass, persuasive, cickable, catchy, well structured and seo optimized article with… Read More
AI Will Make Human Art More Valuable AI models are increasing in popularity and value… Read More
UK Set to Announce Ban on TikTok on Government Smartphones: Report Following in the footsteps… Read More
How ChatGPT and Generative AI Could Change the Way We Travel The travel industry is… Read More
The curious case of Pluto! Is it a dwarf planet, comet or an asteroid? This… Read More
A Spy Wants to Connect with You on LinkedIn: How to Spot and Avoid Fake… Read More
Leave a Comment