Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
THE ENTERPRISE SECURITY SUPERSITE. UPDATED 13 MINUTES AGO.
You are here: Home / Security Solutions / Apple Fixes HomeKit System Bug
Apple Fixes HomeKit Bug that Left Smart Gadgets Vulnerable
Apple Fixes HomeKit Bug that Left Smart Gadgets Vulnerable
By Samuel Gibbs Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
08
2017
Apple has been forced to fix a security hole within its HomeKit smart home system that could have allowed hackers to unlock users’ smart locks or other devices.

The bug within iOS 11.2 permitted unauthorized remote control of HomeKit-enabled devices. Such devices include smart lights, plugs and other gadgets, but also includes smart locks and garage door openers.

An Apple spokesperson said: “The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”

The company said the temporary fix was made server side, meaning that users do not have to do anything for it to take effect, but also that it breaks some functionality of the system.

The vulnerability, disclosed to 9to5Mac, required at least one iPad, iPhone or iPod Touch running the latest software version iOS 11.2 to have connected to the iCloud account associated with the HomeKit system. Previous versions of iOS appear not to have been affected. To exploit the bug the attackers would need to know the email address associated with the Apple ID of the homeowner and knowledge of how the system worked.

Experts said that while issues with smart-home systems such as this impact consumer confidence in smart locks and other security devices, traditional locks can also be easily undermined with traditional picking techniques.

The security bug is just the latest in a series of issues affecting Apple’s software on both its iPhone and Mac computers. Since November, iPhone and iPad users have been plagued with bugs affecting the autocorrect system, including issues typing the word “it” and the letter “I”, having it replaced with odd symbols.

Apple was also forced to apologize after a serious security flaw that allowed anyone to take control of a Mac running the latest version of macOS High Sierra with a blank password was revealed. The company rushed out a fix for the security bug, which then broke the file sharing system, which itself needed fixing in a later software update.

“We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. Our customers deserve better,” Apple said at the time.

© 2018 Guardian Web under contract with NewsEdge/Acquire Media. All rights reserved.

Image credit: Product shots by Apple.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN SECURITY SOLUTIONS

NETWORK SECURITY SPOTLIGHT
Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
ENTERPRISE SECURITY TODAY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.