"You should always be careful about inviting strangers into your home." That is the lesson of a new security investigation that reveals a security hole that can shut down, crash, or restart iOS phones if they are connected to a malicious Apple Home app. The vulnerability, discovered by security researcher Trevor Spiniolas, can be exploited via Apple's HomeKit API, the software interface that allows an iOS app to control compatible smart home devices.
If an attacker sets up a HomeKit device with a very long name - about 500,000 characters - and an iOS user connects to it, the user's phone stops responding after connecting to the malicious device and enters a cycle of freezing and rebooting. The problem can only be fixed by resetting and restoring the iOS phone.
In addition, because HomeKit device names are backed up to iCloud, signing in to the same iCloud account on the restored device causes the crash again, and the cycle continues until the user disables the option to sync Home devices from iCloud.
Although an attacker could compromise a user's existing HomeKit device, the most likely route to abuse is for the attacker to create a fake Home network and trick the user into joining it via a phishing email. To protect against this type of attack, the main precaution for iOS users is to immediately reject any invitation to join an unfamiliar Home network.
In addition, iOS users who currently use smart home devices can protect themselves against this type of threat by opening the Control Center settings and disabling the "Show Home Controls" setting. (This does not prevent the use of home devices, but it restricts access to their information through the Control Center.)
Spiniolas posted details of the vulnerability on his personal website on January 1, 2022. He has previously been credited by Apple for discovering a vulnerability in macOS Mojave, which was fixed in 2019. The new vulnerability affects the latest version of iOS, 15.2, and goes back to at least version 14.7, Spiniolas said. The security researcher also accused Apple of acting too slowly in response to an initial disclosure made months before publication.
The researcher shared emails with The Verge. In them, an Apple representative apparently confirmed the problem and asked Spiniolas to refrain from publishing details of it in early 2022. A blog post detailing the vulnerability claims that Apple was notified of the issue on August 10, 2021, and has not yet taken specific action to fix it.
Spiniolas wrote: "Apple's lack of transparency is frustrating not only for security researchers who often work for free, but also for the millions of users who use Apple products in their daily lives, creating a lot of risk by reducing Apple's responsibility for security issues." Apple did not respond to a request for comment at this time. It remains to be seen in the coming days what steps the American tech giant, which has always attached great importance to security, will take in relation to this security hole.
Source: The Verge