iOS HomeKit Vulnerability Allowed Remote Access to Smart Accessories

[DooKey]

Apple recently discovered a zero-day vulnerability to their HomeKit framework that would allow accessories like locks to be accessed remotely. The good news is they have applied a server fix that stops this, but the bad news is you're going to lose some functionality until next week. I have to hand it to Apple on this one - they reacted quickly. However, this just highlights the vulnerability of using IoT devices to secure your home.

We believe this vulnerability being brought to our attention has resulted in the solution being readied sooner than it otherwise would have been, and our readers deserve to know that the vulnerability existed. The severity of this vulnerability also imposes a responsibility on 9to5Mac as a publication to share what we know with our audience if we’re going to continue covering HomeKit and smart home products.

 

[BSmith]

It boggles my mind there are people stupid or ignorant enough actually using this crap. No way in hell would I have anything security related attached to the Internet. Talk about your oxymoron. I mean,....security,....Internet. Sheesh.

 

[Master_shake_]

Typo in the title it's smrt.

Lol
Hopefully it wasn't root for the root password this time.

 

[Vermillion]

The S in IoT stands for Security!

 

[BSmith]

All your home belong to Apple,......and anyone else who happens to have a smart phone.

 

[DracoDan]

Typo in the title it's smrt.

Lol
Hopefully it wasn't root for the root password this time.

The worst part was that the password wasn't root, it was *BLANK*!!!
But only when the root account was disabled... which it is by default.