IOS HomeKit Zero Day Lets Attackers Remotely Access Your Smart Home

08 December, 2017, 13:08 | Author: Sammy Rose
  • A Home Kit zero day has affected Apple customers

The vulnerability apparently allowed unauthorized access to HomeKit connected devices like smart lights, smart locks and more.

On Thursday, 9to5Mac disclosed the bug, which it said was "difficult to reproduce".

A zero-day vulnerability with Apple's HomeKit exposed users' smart door locks and garage-door openers to hackers, 9to5Mac reports.

First Solar, Inc. (FSLR)
Ontario - Canada-based Agf Investments America has invested 0.56% in First Solar, Inc . (NASDAQ: FSLR ) for 332,691 shares. For FSLR , the company now has 2.04 billion of cash on the books, which is offset by 13.45 million in current liabilities.


Check Rohingya influx, Rajnath Singh tells border states
This is the fourth meeting of the Chief Ministers of States, which share worldwide borders, called by the Home Minister. He said, the central government should set a deadline to completely seal the worldwide border with Bangladesh.


Chelsea defender Azpilicueta: If I can be dropped then no-one safe
He said: 'Ha, yeah! "I want to play every game, but the manager makes the best decisions for the team". Real Madrid, the current champions, also finished second'.


The issue didn't involve smart home products but instead the HomeKit framework itself.

Security updates for iTunes and Safari have also been pushed out, but details about the patched bugs are yet to be released - and there's no official explanation for the dalay.

The website is vague about how the attack worked, but said: "The vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple's mobile operating system, connected to the HomeKit user's iCloud account; earlier versions of iOS were not affected". Nevertheless, the publication saw a demo of the bug, which gave the attacker remote control over an Apple HomeKit-developed smart lock. However, this fix was not ready in time for iOS 11.2 and watchOS 4.2, which both arrived in early December. Just last week, developers found a major flaw in macOS High Sierra that allowed anyone to gain root access to a locked Mac, using no advanced knowledge and seconds of physical access to the machine. However, the fix does disable some of the HomeKit functionality for remote users, although the disruption to the service's functionality will be fixed in the future iOS update. "Owners need to be vigilant in monitoring for device updates if they choose to deploy these in their own homes", senior security researcher at Cylance, Jeff Tang, told IT Pro.

Recommended:



Popular

Two teens killed in United States school shooting, attacker dead
After reports of shooting, Deputies with the sheriff's office and surrounding police departments responded to the school. The city of Aztec is the county seat of San Juan County in northwest New Mexico in the Four Corners area.

Mourinho Interested in Signing $94million Star for Man Utd
Even if Ibrahimovic isn't quite the same player after his recent lay-off, there are few better players to have in your dressing room.

Cyclone Ockhi: Gujarat, Maharashtra on alert as IMD issues fresh warning
India's coast guard and navy have rescued about 223 fishermen and evacuated thousands of people from cyclone hit areas.

Australia's biggest companies avoiding tax
Activist group Tax Justice Network Australia refuted the ATO's finding, saying tax avoidance was rife in Australia. However, these figures have not been broken out by the ATO for the purposes of the transparency report .

House Ethics Committee Opens Probes Into Franks, Farenthold
The House Committee on Ethics cleared House Intelligence Chairman Devin Nunes of disclosing classified information on Thursday. However, it noted that "establishing an investigative subcommittee does not itself indicate that any violation has occurred".

Palestinians say they won't meet with Pence
Pence is expected to visit Israel and the Palestinian territories sometime before Christmas. Aides for Abbas were not immediately available for comment.

What's Ahead for OSI Systems, Inc. (OSIS) After Today's Big Increase?
Two equities research analysts have rated the stock with a hold rating and four have issued a buy rating to the company. It has outperformed by 39.95% the S&P500.The move comes after 8 months positive chart setup for the $1.24B company.

Former USWNT star Hope Solo says she's running for US Soccer president
Later, Nichols was pushed out by the USWNT players, who went on to sign a new collective bargaining agreement with U.S. Hope Solo (1) celebrates with her teammates after winning the 2015 Women's World Cup in a 5-2 victory over Japan.

Former Patriots coach Ron Meyer dies at 76
The Patriots reached the playoffs in Meyer's first year after compiling a 5-4 record in the strike-shortened 1982 season. He spent three seasons there, earning the Division II Coach of the Year award in 1974, before accepting the SMU job.

BHP Billiton (BLT) Receives "Hold" Rating from Jefferies Group
Lafemina now expects that the mining company will earn $2.82 per share for the year, up from their previous estimate of $2.81. BHP Billiton presently has a consensus rating of Hold and an average price target of GBX 1,367.81 ($18.41).