IOS HomeKit Zero Day Lets Attackers Remotely Access Your Smart Home

08 December, 2017, 13:08 | Author: Sammy Rose
  • IOS HomeKit Zero Day Lets Attackers Remotely Access Your Smart Home

The vulnerability apparently allowed unauthorized access to HomeKit connected devices like smart lights, smart locks and more.

On Thursday, 9to5Mac disclosed the bug, which it said was "difficult to reproduce".

A zero-day vulnerability with Apple's HomeKit exposed users' smart door locks and garage-door openers to hackers, 9to5Mac reports.

Palestinians say they won't meet with Pence
Pence is expected to visit Israel and the Palestinian territories sometime before Christmas. Aides for Abbas were not immediately available for comment.


Check Rohingya influx, Rajnath Singh tells border states
This is the fourth meeting of the Chief Ministers of States, which share worldwide borders, called by the Home Minister. He said, the central government should set a deadline to completely seal the worldwide border with Bangladesh.


Chipotle Mexican Grill, Inc. (CMG) Shares Bought by RiverPark Advisors LLC
Rhumbline Advisers reduced its position in Chipotle Mexican Grill, Inc. 83 funds opened positions while 138 raised stakes. Ww Asset has invested 0.04% in Chipotle Mexican Grill, Inc. (NYSE:CMG) opened at $310.67 on Thursday.


The issue didn't involve smart home products but instead the HomeKit framework itself.

Security updates for iTunes and Safari have also been pushed out, but details about the patched bugs are yet to be released - and there's no official explanation for the dalay.

The website is vague about how the attack worked, but said: "The vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple's mobile operating system, connected to the HomeKit user's iCloud account; earlier versions of iOS were not affected". Nevertheless, the publication saw a demo of the bug, which gave the attacker remote control over an Apple HomeKit-developed smart lock. However, this fix was not ready in time for iOS 11.2 and watchOS 4.2, which both arrived in early December. Just last week, developers found a major flaw in macOS High Sierra that allowed anyone to gain root access to a locked Mac, using no advanced knowledge and seconds of physical access to the machine. However, the fix does disable some of the HomeKit functionality for remote users, although the disruption to the service's functionality will be fixed in the future iOS update. "Owners need to be vigilant in monitoring for device updates if they choose to deploy these in their own homes", senior security researcher at Cylance, Jeff Tang, told IT Pro.

Recommended:



Popular

Could Pogba's ban be a blessing in disguise for Manchester United?
The influential Pogba, United's record signing, is out of Sunday's clash at Old Trafford through suspension. City had won their previous 20 games in all competitions, many of them convincingly.

Featured Stock to Focus: Philip Morris International, Inc. (NYSE:PM)
Hence the difference between Predicted EPS and Actual EPS reported is $-0.11/share which shows an Earnings Surprise of -8 Percent. Bp Wealth Management Llc increased Anheuser Busch (NYSE:BUD) stake by 6,038 shares to 132,445 valued at $14.62 million in 2017Q2.

Probe clears Intelligence chair Nunes
Based on their findings, the committee ruled that Nunes did not break any classification rules and closed the matter. Nunes did not say in Thursday's statement if he would retake control of the House Russia investigation.

Australia's biggest companies avoiding tax
Activist group Tax Justice Network Australia refuted the ATO's finding, saying tax avoidance was rife in Australia. However, these figures have not been broken out by the ATO for the purposes of the transparency report .

What's Ahead for OSI Systems, Inc. (OSIS) After Today's Big Increase?
Two equities research analysts have rated the stock with a hold rating and four have issued a buy rating to the company. It has outperformed by 39.95% the S&P500.The move comes after 8 months positive chart setup for the $1.24B company.

Former Patriots coach Ron Meyer dies at 76
The Patriots reached the playoffs in Meyer's first year after compiling a 5-4 record in the strike-shortened 1982 season. He spent three seasons there, earning the Division II Coach of the Year award in 1974, before accepting the SMU job.

BHP Billiton (BLT) Receives "Hold" Rating from Jefferies Group
Lafemina now expects that the mining company will earn $2.82 per share for the year, up from their previous estimate of $2.81. BHP Billiton presently has a consensus rating of Hold and an average price target of GBX 1,367.81 ($18.41).

Light snow in the forecast for NYC this weekend
Some of our models are hinting at a final push of moisture that swings through overnight Friday into Saturday morning. Tomorrow: Temperatures will warm to just at freezing during the day tomorrow.

Google adds celebrity selfie videos for searches
The search engine Google is rolling its new feature with the help of which PeeCee can tell you about her celebrity lifestyle. So basically, instead of the usual text format answers, Google will show the search results in selfie video format.

Catholic-Dignity Merger To Forge Nonprofit Health Giant
Catholic Health Initiatives' headquarters are based in Englewood, Colorado, and Dignity Health is based out of San Francisco. Individual facilities will continue to operate under their existing names, at least for the foreseeable future.