A bug spotted in HomeKit could crash your iPhone and iPad. According to a computer security researcher, this flaw could also allow an attacker to launch a ransomware attack on your device. Although aware of the risks, Apple has been slow to provide a fix.
Trevor Spiniolas, a computer security researcher, discovered a serious bug in HomeKit, the home automation solution developed by Apple. “This bug was first reported on August 10th. […] Apple said it plans to fix the bug in a security update before 2022, but has yet to introduce an actual fix. On December 8, they revised their estimate”, explains Trevor Spiniolas.
Believing that Apple is not taking the flaw seriously, the security expert chose to disclose it publicly. The move aims to force the Cupertino giant to take measures to protect users as soon as possible. “I think this bug is handled inappropriately as it poses a serious risk to users and many months have already passed without any solution”, says the expert.
How to protect your iPhone against this HomeKit bug?
According to Trevor Spiniolas, this bug occurs when a HomeKit device whose name exceeds 500,000 characters is added to a user’s home through the Home app. “Restoring a device and reconnecting to the iCloud account linked to the HomeKit device will trigger the bug again”, warns the researcher. iPhones running iOS 15 or earlier are affected.
According to the tests carried out, the bug can simply crash the iPhone or iPad used to control the accessory via Home. The malfunctions are limited to devices that have the House Controls option enabled. This is a section of the Control Center that provides access to “Command suggestions for Home scenes and automations” without having to open the app.
In some cases, the device may restart repeatedly. To avoid problems, the researcher recommends deactivating the House Controls option. We explain how to do this below:
- Go to Settings
- Tap on Control Center
- Simply uncheck the House Controls function
Worse, the bug could allow an attacker to launch a ransomware attack, says the researcher. The hacker could crash the iPhone by sending a connection request from a HomeKit device whose name exceeds the allowed limit. The hacker could then prevent the user from accessing the data stored by their applications and demand a ransom.