This bug can cause your iPhone to crash over and over again


More and more people are turning their dwellings into smart homes for good reason. The convenience of controlling everything from lights to locks and everything in between with your phone or voice is just too fantastic to ignore.

One downside to having a smart home is it opens you up to security threats that you otherwise wouldn’t need to worry about. And sometimes, a hacker doesn’t even need to infiltrate your home system. All criminals need to do is get you to connect to a compromised network.

Now, cybercriminals have come up with a clever way to trick victims into crashing their own systems. Read on to find out how they’re doing it and ways to stay protected.

Here’s the backstory

Like Google Home, Apple’s HomeKit is a software framework to control smart home technology. You can use HomeKit to control thermostats, lock the doors to your house, toggle light switches and more. It also integrates with Siri, which lets you enact functions through voice commands.

Not just anybody can control your smart home, as you need to be invited on the app to do so. But hackers are exploiting a new vulnerability in the HomeKit app that can send your iPhone into a death spiral.

Detailed by security researcher Trevor Spiniolas, there are two scenarios that attackers can use. One method is spoofing your HomeKit setup and sending you a phishing email with an invitation to join. With the other, the attacker has access to your network and can change the name of a HomeKit device.

Hackers then change the name of a HomeKit device to an extremely long string of around 500,000 characters. When you connect to it, your iPhone or iPad can’t handle the length of the name and freezes up. The troubles stack up if you have other Home devices enabled in the iPhone’s Control Center.

“iOS will become unresponsive. All input to the device is ignored or significantly delayed, and it will be unable to meaningfully communicate over USB. After around a minute, backboardd will be terminated by watchdog and reload, but the device will remain unresponsive,” Spiniolas explained in a blog post.

Since the details of HomeKit are stored in iCloud, the device will constantly reconnect and run into the same problem. This sends your iPhone into an indefinite loop and leaves it unresponsive.

What you can do about it

There are a few things you can do to prevent this scenario from happening to you. If you have been affected by this vulnerability, the only thing you can do is factory-reset your device.

But even that won’t completely solve the issue, as you can’t log in to your iCloud account without triggering the bug. Spiniolas gives step-by-step instructions on what to do under the Solution section of his blog.

Since one way the HomeKit flaw can be exploited is through phishing attacks, here are some ways to stay safe:

  • Never accept invitations to join a Home if you don’t know the person who sent it to you. Even then, make sure that it is a genuine invitation and not a spoofed one.
  • If you don’t need HomeKit, disable the Home Controls on your device. To do this, open the Settings app, scroll down and tap on Control Center and disable the Show Home Controls switch.

Apple has reportedly acknowledged that the vulnerability exists, and will release a patch later this year.
