iOS HomeKit Zero Day Lets Attackers Remotely Access Your Smart Home

08 December, 2017, 13:08 | Author: Sammy Rose

The vulnerability apparently allowed unauthorized access to HomeKit-connected devices such as smart lights, smart locks and more.

On Thursday, 9to5Mac disclosed the bug, which it said was "difficult to reproduce".

A zero-day vulnerability with Apple's HomeKit exposed users' smart door locks and garage-door openers to hackers, 9to5Mac reports.

The issue didn't involve smart home products but instead the HomeKit framework itself.

Security updates for iTunes and Safari have also been pushed out, but details about the patched bugs are yet to be released, and there's no official explanation for the delay.

The website is vague about how the attack worked, but said: "The vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple's mobile operating system, connected to the HomeKit user's iCloud account; earlier versions of iOS were not affected". Nevertheless, the publication saw a demo of the bug, which gave the attacker remote control over an Apple HomeKit-developed smart lock.

However, this fix was not ready in time for iOS 11.2 and watchOS 4.2, which both arrived in early December. Just last week, developers found a major flaw in macOS High Sierra that allowed anyone to gain root access to a locked Mac, using no advanced knowledge and seconds of physical access to the machine.

However, the fix does disable some of the HomeKit functionality for remote users, although the disruption to the service's functionality will be fixed in a future iOS update. "Owners need to be vigilant in monitoring for device updates if they choose to deploy these in their own homes", senior security researcher at Cylance, Jeff Tang, told IT Pro.
