According to an article by Zac Hall of 9to5Mac, a vulnerability in iOS 11.2 was found that allowed unauthorized access to smart devices such as locks, security cameras and garage doors if a user owned at least one Apple device on iOS 11.2 connected to the HomeKit user's iCloud account. Though Apple has thankfully created a fix that will prevent this unauthorized access at the cost of slightly limited functionality, Hall noted the seriousness of the vulnerability:
The vulnerability, which we won't describe in detail and was difficult to reproduce, allowed unauthorized control of HomeKit-connected accessories ... The most serious ramification of this vulnerability prior to the fix is unauthorized remote control of smart locks and connected garage door openers, the former of which was demonstrated to 9to5Mac.
Hall also clarified that the vulnerability had nothing to do with the smart home accessories themselves, but were instead an issue with Apple's HomeKit framework, and that since the fix is already being administered users will not have to take any additional steps to protect themselves at this time:
Users need to take no action today to resolve the issue as the fix that is rolling out is server-side. The future update to iOS coming next week will resolve any broken functionality.
Between now and next week's update, HomeKit-ers may notice that they aren't able to grant shared users remote access — not ideal for sure, but also not the worst price to pay to assure safety and security.
Though bugs like this can be extremely serious, they don't necessarily mean that you need to toss out all your automated home devices. As Hall points out in his piece, bugs are a part of software development and happen all the time. Even widely-released physical products can have flaws and need to be recalled for safety reasons, but that doesn't mean that you should stop using them altogether. In the end, choosing whether or not to use smart home products is always an individual decision, like choosing to use anything else. As long as you use them thoughtfully, you should be just fine:
Trusting HomeKit and smart home products with your security, however, will have to be a personal decision now just like it always has. Personally, once this vulnerability has been patched, I believe I'll be comfortable with trusting HomeKit security solutions to remain protected, but you can always use an old fashioned lock and key or install security cameras as a double measure.
Questions?
If you have any questions regarding this vulnerability, you can check out Zac Hall's complete article here or ask us for help in the comments below.
We may earn a commission for purchases using our links. Learn more.
Nintendo Switch is back in stock for its normal $299 price!
The Nintendo Switch is finally back in stock for its regular retail price of $299. Do not miss your chance to get one right now. The Switch sells out fast and is rarely in stock. You won't regret it.
Some great indy apps go unnoticed. Devs, here's how to tell me about them
If you're an independent app developer I want to hear from you. Here's how to get in touch.
Save 25% on everything Mujjo makes including some great iPhone cases
Mujjo makes some stunning iPhone cases and now you can save 25% on anything you like. They even make gloves designed for touching your iPhone!
Looking for some last minute HomeKit gift ideas? We got you covered!
With the holiday clock ticking down, there's only a bit of time left to grab an awesome HomeKit-enabled device for that special someone.