A zero-day Apple HomeKit vulnerability has been discovered that allows unauthorized remote access to smart accessories. The attack, demonstrated to 9to5Mac, allowed access to smart locks, garage openers, and more.The vulnerability, which we won’t describe in detail and was difficult to reproduce, allowed unauthorized control of HomeKit-connected accessories including smart lights, thermostats, and plugs. The most serious ramification of this vulnerability prior to the fix is unauthorized remote control of smart locks and connected garage door openers, the former of which was demonstrated to 9to5Mac.
The vulnerability reportedly requires at least one iPhone or iPad running iOS 11.2 connected to the HomeKit user's iCloud account. Apple was apparently informed about this and related vulnerabilities in late October; however, not all issues were fixed by the time iOS 11.2 and watchOS 4.2 were released.
Share Article:
Facebook, Twitter, LinkedIn, Google Plus, Email, Reddit, Digg, Delicious, StumbleUpon
Follow iClarified:
Facebook, Twitter, LinkedIn, Google Plus, Newsletter, App Store, YouTube
Post a Comment