(Updated Jan. 12, 2022 – Apple has released a patch to take care of the annoying bug detailed in the following article. Update your iPhone to iOS 15.2.1 and iPad to iPadOS 15.2.1 now to fix the problem. Step-by-step instructions on updating your device can be found at the end of this article.)
More and more people are turning their dwellings into smart homes for good reason. The convenience of controlling everything from lights to locks and everything in between with your phone or voice is just too fantastic to ignore.
One downside to having a smart home is it opens you up to security threats that you otherwise wouldn’t need to worry about. And sometimes, a hacker doesn’t even need to infiltrate your home system. All criminals need to do is get you to connect to a compromised network.
Now, cybercriminals have come up with a clever way to trick victims into crashing their own systems. Read on to find out how they’re doing it and ways to stay protected.
Here’s the backstory
Like Google Home, Apple’s HomeKit is a software framework to control smart home technology. You can use HomeKit to control thermostats, lock the doors to your house, toggle light switches and more. It also integrates with Siri, which lets you enact functions through voice commands.
Not just anybody can control your smart home, as you need to be invited on the app to do so. But hackers are exploiting a new vulnerability in the HomeKit app that can send your iPhone into a death spiral.
Security researcher Trevor Spiniolas detailed two scenarios that attackers can use. One method is spoofing your HomeKit setup and sending you a phishing email with an invitation to join. With the other, the attacker has access to your network and can change the name of a HomeKit device.
Hackers then change the name of a HomeKit device to an extremely long string of around 500,000 characters. When you connect to it, your iPhone or iPad can’t handle a name of that length and freezes up. The troubles stack up if you have other Home devices enabled in the iPhone’s Control Center.
“iOS will become unresponsive. All input to the device is ignored or significantly delayed, and it will be unable to meaningfully communicate over USB. After around a minute, backboardd will be terminated by watchdog and reload, but the device will remain unresponsive,” Spiniolas explained in a blog post.
Since the details of HomeKit are stored in iCloud, your device will constantly connect and run into the problem again. This sends your iPhone into an indefinite loop and leaves it unresponsive.
What you can do about it
If you have been affected by this vulnerability, the only thing you can do is factory-reset your device.
But even that won’t completely solve the issue, as you can’t log in to your iCloud account without triggering the bug. Spiniolas gives step-by-step instructions on what to do under the Solution section of his blog.
Since one way the HomeKit flaw can be exploited is through phishing attacks, here are some ways to stay safe:
- Never accept invitations to join a Home if you don’t know the person who sent it to you. Even then, make sure that it is a genuine invitation and not a spoofed one.
- If you don’t need HomeKit, disable the Home Controls on your device. To do this, open the Settings app, scroll down and tap on Control Center and disable the Show Home Controls switch.
How to update your iPhone and iPad
- Open Settings.
- Tap General.
- Select Software Update.
- Tap Download and Install. Enter your passcode if asked to do so.
🚨 What it means for you
Even if you don’t have any Home devices added yourself, this bug can still impact iPhones running the latest iOS 15.2. The biggest takeaway is to avoid accepting Home invitations you don’t recognize.