• Disclosure
  • Privacy Policy
  • DMCA Policy
  • CCPA
  • Medical Disclaimer
Sunday, June 4, 2023
SLC News Now
  • Home
  • News
  • Business
  • Technology
    • Crytpocurrency
    • Gaming
    • Gadgets
  • Sports
  • Health
  • General
    • Business Services
  • Travel
  • Press Releases
  • Popular
No Result
View All Result
  • Home
  • News
  • Business
  • Technology
    • Crytpocurrency
    • Gaming
    • Gadgets
  • Sports
  • Health
  • General
    • Business Services
  • Travel
  • Press Releases
  • Popular
No Result
View All Result
No Result
View All Result
Home Technology Gaming

IOS Devices Can Freeze, Crash Due To A HomeKit Vulnerability – Gadgets 360

ios-devices-can-freeze,-crash-due-to-a-homekit-vulnerability-–-gadgets-360
Share on FacebookShare on Twitter

Apple’s iOS-based devices could go into a cycle of freezing and crashing and eventually become unusable due to a HomeKit vulnerability that has been exposed by a security researcher. The issue exists in all iOS versions, starting with iOS 14.7. iPhone users on the latest iOS version are also affected by the denial-of-service vulnerability, the researcher said. Apple is said to be aware of the issue and allegedly promise to address it before 2022. The flaw is, however, yet to be fixed.

Security researcher Trevor Spiniolas has detailed the scope of the HomeKit vulnerability that was initially reported to Apple on August 10 last year. The attacker can exploit the flaw and bring your iPhone or iPad in a cycle of freezing and crashing by connecting it with a HomeKit device that has an extensively lengthy name of around 500,000 characters, the researcher explained.

The iOS device is said to become unresponsive once it reads the device name. The attacker could also trigger the vulnerability by using an app to rename an existing HomeKit device. Alternatively, it could be exploited by sending an invite to a new HomeKit device that has a long name.

According to the researcher, Apple introduced a limit for the name an app or the user can set for a HomeKit device in iOS 15.1. This will help reduce the impact to some extent as the attacker couldn’t impact users by triggering the vulnerability after renaming one of the connected HomeKit devices. But nonetheless, the issue can still impact users on the newer iOS versions if a HomeKit device with an extremely long name is connected via an invite.

The researcher also found that since Apple stores names of the connected HomeKit devices in iCloud, the issue persists even if a user restores an iOS device.

“If the device is restored but then signs back into the previously used iCloud, the Home app will once again become unusable,” the researcher said.

Spiniolas has created a video to give a brief look on the impact of the vulnerability even after restoring an iPhone.

Users can reject random invitations of HomeKit devices on their iPhone and iPad to avoid getting impacted by the vulnerability. Users who are already using smart home devices can also protect their hardware by disabling the setting Show Home Controls after going to the Control Centre.

In case you’re already targeted by an attacker, the researcher advises that you can resolve the issue after restoring the affected device from Recovery or DFU Mode and set it up as normal without signing up into your iCloud account. Once signed up, you should sign into iCloud from settings and then disable the switch labelled Home immediately after signing in.

Spiniolas said that although it informed Apple about the bug in August, the company failed to bring a fix since the last deadline of January 1.

“I believe this bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix,” the researcher said.

In 2019, Apple credited Spiniolas for reporting a vulnerability in macOS Mojave. The researcher, however, accused the iPhone maker of giving insufficient response to the fresh vulnerability.

Gadgets 360 has reached out to Apple for a comment on the matter. This report will be updated when the company responds.


SLC News Now

© 2021

Navigate Site

  • Disclosure
  • Privacy Policy
  • DMCA Policy
  • CCPA
  • Medical Disclaimer

Follow Us

No Result
View All Result
  • Home
  • DMCA Policy
  • Medical Disclaimer
  • Privacy Policy
  • Disclosure
  • CCPA
  • Terms of Use

© 2021

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
Cookie SettingsAccept All
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT