Connect with us

Hi, what are you looking for?


Apple HomeKit crash erases data from software connected devices

And the year starts with somewhat negative news in the virtual scene. A cybersecurity expert has discovered a flaw that, if exploited, could erase all data recorded on devices and programs connected to Apple HomeKit, the company's iPhone software package that allows users of its devices to control smart homes.

  • QR Code scams on the rise: how do they work and how to avoid them?
  • What is an exploit?

According to the specialist in digital security Trevor Spiniolas, responsible for discovering the flaw, from iOS 14.7 to 15.2 are vulnerable to the problem. The expert also said that Apple has already been alerted about the issue, but, while promising to release fixes, has not released anything so far.

The flaw, called doorlock , is executed when an attacker modifies the name of a registered or guest device to be part of an Apple HomeKit instance to a string longer than 500,000 characters.

A Market Analysis Podcast: from Monday to Friday, you can listen to the main headlines and comments about technological events in Brazil and in the world. Links here:

When trying to read the name, vulnerable iOS versions will enter a denial of service state, where only a system reboot works. The first problem is that, after the device is restarted, all the information saved on the device is lost and can only be restored from backups.

To make matters worse, even after the device restarts, after the user has logged back into the device's iCloud, the failure happens again, almost as if he were stuck in a loop and, in the worst case, render that account or the device unusable .

According to Spiniolas, the problem could have use in cybercrime as a ransomware vector for Apple devices, trapping the devices in an eternal loop that can only be stopped by paying a fee to criminals.

how to protect yourself

The flaw can only be exploited by those who are connected to the HomeKit network, but even so it is worrying, mainly because, according to Spiniolas, there is still no method capable of preventing it from being used by those who have access to the targets in question.

Because of this, it is recommended that users avoid accepting suspicious invitations to integrate new devices in Apple HomeKit, especially those whose origin cannot be identified.

Finally, if the flaw has already been exploited and you have been affected (something difficult in Brazil, considering the lack of popularity of HomeKit in the country), follow these steps to restore the affected devices:

  • Restart the device;
  • Make the initial settings, but DO NOT sign into the previously active iCloud account;
  • When the device is usable again, log into the iCloud account from the device settings and disable any device connected with HomeKit;
  • After that, just restore the backup.

Read the article on A Market Analysis .

Trending at A Market Analysis:

  • Fiat retires four cars at once in Brazil; see what they were
  • Top 10 Most Powerful Cell Phones December 2021 has Xiaomi at the top
  • Volkswagen starts 2022 by increasing 5 car prices; guess which ones?
  • See photo of the asteroid that approached Earth on Sunday (2)
  • Trembling eye: why is the eyelid "bouncing" every now and then?

You May Also Like