New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple Fixed iOS 11.2 Vulnerability That Allowed Unauthorized Access to HomeKit Devices

Thursday December 7, 2017 12:42 pm PST by Juli Clover
A HomeKit vulnerability in iOS 11.2 that allowed unauthorized access to HomeKit accessories that included smart locks has been fixed by Apple, the company told 9to5Mac in a statement today.

"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week."
To patch the vulnerability, which was reportedly difficult to reproduce, Apple disabled remote access for shared users, something the company says will be reintroduced in a software update that's set to be released early next week.

Apple was able to address the vulnerability server side as it affected the HomeKit framework rather than individual HomeKit products. Though the vulnerability impacted all HomeKit devices, it is of particular interest to HomeKit users with smart locks and other HomeKit-enabled devices that allow access to the home, as someone able to exploit this kind of problem could gain entry to a dwelling without a physical key.

9to5Mac says that Apple was first informed about the security issue and other related HomeKit vulnerabilities in October. Some of the problems were addressed in iOS 11.2 and watchOS 4.2, while the rest were fixed server side. HomeKit setups with at least one connected iPhone or iPad running iOS 11.2 and signed into a HomeKit user's iCloud account were impacted.

Since its launch in 2014, HomeKit has seen many major improvements and its adoption has grown steadily. A wide range of manufacturers have embraced HomeKit, and there are HomeKit lights, outlets, switches, thermostats, window coverings, fans, sensors, cameras, locks, and garage door openers.

August, Friday, Koogeek, Kwikset, Schlage, and Yale all make HomeKit-enabled smart locks that can be controlled via Siri voice commands and HomeKit apps.

Related Roundup: iOS 11
Tag: HomeKit
[ 112 comments ]


Top Rated Comments

(View all)

Avatar
Wackery
27 weeks ago
apple software used to have a reputation
Rating: 32 Votes
Avatar
ideal.dreams
27 weeks ago
Does Apple even have a quality assurance department at this point? The latest releases of iOS and macOS are downright embarrassing.

We share remote access in our family to access all of our HomeKit smart devices and now we're all unable to control our items until sometime next week. Absolutely ridiculous.
Rating: 18 Votes
Avatar
MacFather
27 weeks ago

apple software used to have a reputation


I miss Forstall.
Rating: 17 Votes
Avatar
calzon65
27 weeks ago
Apple's policy to rush out new versions of IOS each year is pathetic. Their quality control is complete garbage and before someone says, well IOS is a complex operating system having to support both current and many legacy devices ... I don't give a damn.

Apple used to stand for quality, but IOS has become a bloated operating system where the hype is always about new emojis. Apple needs to get off the annual release of major IOS versions and concentrate on efficiency and bug fixes.
Rating: 11 Votes
Avatar
alexhardaker
27 weeks ago

I miss Forstall.


I do too. He should have stayed at Apple and not got asked to leave. It really does show
Rating: 11 Votes
Avatar
Westside guy
27 weeks ago

apple software used to have a reputation


It still does - just maybe not the same one you're referring to.
Rating: 10 Votes
Avatar
Glideslope
27 weeks ago

apple software used to have a reputation


It still does. It’s simply switched direction. :apple:
Rating: 10 Votes
Avatar
iLoveDeveloping
27 weeks ago
IT JUST WORKS.


Makes me sick!
Rating: 10 Votes
Avatar
avanpelt
27 weeks ago
For all the people saying “No HomeKit, no buy” because of HomeKit’s top-notch security, just keep this incident in mind. There are almost surely other security holes lurking in the code just as there are in virtually every software. Apple needs to do some serious self-examination after the macOS and iOS bugs of late. Having 10 or 15 public betas is not a replacement for doing thorough, in-house code reviews and testing.
Rating: 9 Votes
Avatar
69Mustang
27 weeks ago

Wow, so much negativity against Apple. When Apple has full control of a product they usually do fantastic work. But in the case of HomeKit, Apple has had to contend with many third-party producers to tie their products into the HomeKit application. I am not surprised that there are not many more problems With third-party’s code stepping all over the Apple code and causing additional problems. At least Apple is pretty good at fixing the problems fast, once they are identified.

You read an article about a vulnerability in Homekit's framework but decided to post a comment throwing dirt on 3rd parties? I mean while we're at it, let's just blame the macOS hole and iOS issue on 3rd parties too. Not only do you unfairly disparage 3rd parties, you try to diminish Apple's culpability with "at least they are pretty good at fixing problems fast once they are identified". So they aren't at fault and they fix problems fast. Got it. We should be grateful.

I gotta preemptively apologize. For some odd reason I am unnaturally and unreasonably triggered by your post. I think it's the blame others but praise Apple's quickness take that's got me sideways. It's either that or the fact that the cat keeps sticking her paw in my scotch glass and drinking from her claw. Little bit of column A, little of column B maybe. Sorry.
Rating: 8 Votes

[ Read All Comments ]