HomeKit vulnerability allows unauthorized access to accessories, a fix is already in place

A new vulnerability has been found in Apple’s HomeKit platform, allowing a hacker the ability to control your lights, thermostats, garage door, or even your lock. Fortunately, a temporary fix has already been implemented by Apple.

9to5mac first reported the exploit that was demonstrated to them, though was apparently quite difficult to reproduce.

When executed, it would allow unauthorized access to any HomeKit accessory, though smart locks are a particularly scary targets.

Subscribe to iDownloadBlog on YouTube

When 9to5mac reached out to Apple for comment, they said there was no need for users to worry.

“The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”

The issue was related to the HomeKit framework, and not individual accessories. Apple was able to temporarily put a fix in place server-side, while a permanent fix will come in an updated version of iOS 11.2 early next week.

The temporary fix removes remote access for shared users, and will work again when the permanent fix is rolled out.

The vulnerability was reported to Apple back in October, and they’ve introduced some fixes in the first versions of iOS 11.2 and watchOS 4.2.

HomeKit has been gradually picking up steam lately. In iOS 11, Apple reduced some of the entry barriers for manufacturers, and it is likely we will see even more growth in 2018.

Have you jumped on the smart home bandwagon? To security concerns like this prevent you from making the leap? Let us know below.