Apple has issued a fix for a vulnerability in its HomeKit framework that could have allowed hackers to connect to and open smart locks and other home devices.
The problem is in iOS 11.2, the current version of iOS. The bug permitted unauthorized remote access to Apple HomeKit products, which include smart lights, thermostats, plugs, locks, and garage door openers.
9to5Mac, which discovered the problem, doesn’t go into detail about how it works, but the site does say that the vulnerability required at least one iPhone or iPad on iOS 11.2 connected to the HomeKit user’s iCloud account. Devices running earlier versions of iOS weren’t affected.
Apple has applied a temporary server-side fix, so users don’t have to take any additional action themselves. The fix does, however, disable remote access for shared users, but this will be restored in a software update next week. HomeKit users should remember to install the latest update as soon as it arrives.
While the vulnerability doesn’t sound like it was the easiest to exploit, it has once again raised questions over the safety of smart home devices and Internet of Things products in general. Spying on people through IoT devices is bad enough, but being able to open someone’s front door or garage remotely and gain access to their home is even worse.
It’s thought that Apple was aware of the vulnerability as far back as late October, and while some issues were fixed in iOS 11.2, not all of them were addressed.