Apple fixes HomeKit bug that left users' doors open to hackers
Apple has fixed a vulnerability in its HomeKit internet-of-things platform that allowed a hacker to take remote control of users' gadgets, including smart locks.
9to5Mac first wrote about the vulnerability, which it says is "difficult to reproduce." Still, it was dangerous. If there was one iPhone or iPad running iOS 11.2 connected to a HomeKit user's iCloud account, that account was vulnerable. An attacker could potentially tamper with a user's smart lights or thermostats, or — even worse — open their garage or even their front door if it had a HomeKit-enabled smart lock.
Apple told 9to5Mac, "The issue affecting HomeKit users running iOS 11.2 has been fixed." However, "The fix temporarily disables remote access to shared users, which will be restored in a software update early next week," an Apple spokesperson said.
Fortunately for users, there's nothing they need to do at this time — their HomeKits are already safe from hackers (at least from any known bugs).
This Tweet is currently unavailable. It might be loading or has been removed.
Bugs do happen and IoT gadgets like smart locks definitely aren't immune to them, but it appears Apple has really dropped the ball recently when it comes to the security of their products.
In October, Apple fixed a macOS High Sierra bug that exposed the user's password in plain text in certain scenarios. Late last month, the company fixed another embarrassing macOS bug — one that enabled anyone to easily gain administrator access to a Mac. Even though Apple publicly apologized for that bug and promised to tighten up security, that fix contained another bug, which temporarily broke file sharing for some users.
Topics Apple
Stan is a Senior Editor at Mashable, where he has worked since 2007. He's got more battery-powered gadgets and band t-shirts than you. He writes about the next groundbreaking thing. Typically, this is a phone, a coin, or a car. His ultimate goal is to know something about everything.
