Apple says it’s issued a fix for an iOS security flaw that
left key connect home hardware open to unauthorized third-party access.
The bug, which was initially spotted by 9to5Mac, reportedly made it possible for an outside party to access things like smart locks and garage doors.
The company has since confirmed the
existence of the bug with TechCrunch. “The issue affecting HomeKit users
running iOS 11.2 has been fixed,” an Apple spokesperson said in a
statement. “The fix temporarily disables remote access to shared users,
which will be restored in a software update early next week.”
The fix appears to be server side update,
meaning that the end-user doesn’t have to update anything for it to take
effect. For the time being, it also means that users with 11.2 wont
have all of the standard remote HomeKit functionality, until Apple rolls
out something more permanent next week. Getting that functionality back
will require updating to the latest version of iOS.
The initial report doesn’t detail the
specifics of the exploit in its post, only noting that, “The
vulnerability required at least one iPhone or iPad on iOS 11.2, the
latest version of Apple’s mobile operating system, connected to the
HomeKit user’s iCloud account.” It appears to be a difficult one to
replicate and doesn’t impact earlier builds of the operating system. But
it may highlight concerns around smart home functionality, as users
connecting more pieces of their home to an ecosystem like HomeKit,
Assistant or Alexa.
Bugs are part of any software solution, and Apple’s rushed to fix a couple of prominent ones on macOS and iOS
in recent weeks. Like those, the company’s patched things up here with,
hopefully, minimal inconvenience to the end user. But as always, it’s
important to make a cost benefit analysis of a connected home offering
to decide if it’s the right fit.0
No comments:
Post a Comment