HomeKit, the magic thing that makes all your IoT devices ‘just work’ was victim of vulnerability this week that allowed unauthorised control of accessories connected to users’ AppleTVs, including door locks and garage doors. Obviously it would also let people turn your Hue lights on and off too, but that is more annoying that a danger.
Apple rolled out a server side fix that crippled a few functions, but that was all restored when they shipped iOS 11.2. As per usual with all this kind of stuff, it was extremely unlikely you’d actually encounter the impact of this vulnerability in the wild. I won’t go into detail about how it worked, but let’s just say it was very difficult to reproduce. You needed at least one iPhone or iPad running 11.2, connected to the HomeKit user’s iCloud account. So, you know, kinda unlikely to impact anyone in the real world.
The issue was not with the smart products that connected to HomeKit (for a change), but rather with the entire HomeKit framework itself.
Go with the upgrade
You don’t have to do anything to protect yourself, assuming you’ve upgraded to 11.2 which your AppleTV will have done on its own if you have selected the auto update option. Which you should have.
“The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”
Does this mean you shouldn’t trust HomeKit anymore? Of course not. Bugs, sadly, are part of life. Always have been, always will. Should you trust HomeKit for home security? Well, that’s up to you. I’d love a smart lock on the front door. Coming home with two bags of shopping and a three year old little girl would be made much easier if I didn’t have to find pesky keys to get in. Like an animal! But, the idea of a smart front door isn’t getting spousal approval for the moment. In light of this vuln, maybe she is right.
What do you think? Would you trust HomeKit (or any other smart hub) to manage your front or garage door? Let me know in the comments.