An annoying bug has come to light that can put iPhones and iPads into an endless crash loop through Apple's Home app, and the researcher who discovered it says Apple has not moved quickly enough to fix it.
"This bug poses a serious risk to users and I believe it is being handled inappropriately because months have gone by without a comprehensive fix," security researcher Trevor Spiniolas wrote in a PDF posted online earlier this month. "The public should know about this vulnerability and how to prevent it from being exploited."
It is not yet clear how much of a security risk the flaw, which Spiniolas calls "DoorLock," actually poses, but an affected iPhone can appear hopelessly bricked with no way to recover. iPhone and iPad users should nonetheless take steps to protect themselves from pranks and vandalism that exploit it.
We have asked Apple for comment on this issue and will update this article as soon as we receive a reply. According to Spiniolas, the bug is triggered when a very long name (hundreds of thousands of characters) is assigned to a device on the local HomeKit network. Any iOS device linked to that network can change a device's name at will.
"If a HomeKit device's name is changed to a large string (500,000 characters in tests), loading that string on a device with the affected iOS version installed will break the operation, even after a reboot," Spiniolas wrote in a blog post.
For reasons the report does not fully explain (possibly because a name that long exhausts or overflows the memory allocated for it), the Home app on every iOS device linked to the HomeKit network crashes, and keeps crashing until the offending device is renamed. Tom's Guide has not attempted to reproduce the issue and cannot confirm that it behaves this way in every case.
To make matters worse, Spiniolas says that if the Home app is enabled in Control Center (the menu reached by swiping down from the iPhone's main screen), the entire iOS device freezes and becomes unresponsive.
Restarting the device does not help, because the Home app loads before the user can reach the Settings screen to remove Home from Control Center. A full restore (which erases the user data on the phone) clears the freeze only until the user signs back into their iCloud account, at which point the oversized name is synced down again.
"Restoring the device and signing back into the iCloud account linked to the HomeKit device triggers the bug again," Spiniolas wrote.
The flaw affects at least iOS 14.7 and 14.8, and possibly all versions of iOS 14, Spiniolas wrote. (Tom's Guide speculates that every version of iOS that supports HomeKit, dating back to iOS 8, may be affected.)
Starting with iOS 15 or the 15.1 update, Spiniolas writes (both were released after he disclosed the bug to Apple), users can no longer give HomeKit devices very long names. However, iOS 15 devices still crash or freeze as described above when they join a HomeKit network on which such a device already exists, because the limit is enforced only when a name is entered, not when an existing name is loaded.
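The gap described above, a bound applied on input but not on data loaded back from the synced store, is a general pattern and not specific to HomeKit. The following is an added illustration in Python, not code from Apple, from Spiniolas, or from this article: a toy model of an accessory-name store with a bounded rename path (what the iOS 15 change is described as doing), an unbounded load path (the pre-fix behaviour), and a load path that re-applies the bound on ingestion. The 64-character cap, the placeholder name, the accessory ids and the JSON layout are all assumptions made for the example; the only figure taken from the article is the 500,000-character test name.

```python
import json

# Assumed cap on accessory names. Apple's real limit is not stated in the
# article; 64 is a hypothetical value chosen for illustration.
MAX_NAME_LEN = 64
PLACEHOLDER_NAME = "Unnamed accessory"  # hypothetical safe substitute


class NameTooLong(ValueError):
    """Raised when a rename request exceeds MAX_NAME_LEN."""


def rename_accessory(accessories: dict, accessory_id: str, new_name: str) -> dict:
    """Local rename path: the bound is enforced before the name is stored.

    This mirrors what the article says iOS 15 / 15.1 added. It protects only
    names entered on this device; it does nothing about names that are
    already in the synced store.
    """
    if len(new_name) > MAX_NAME_LEN:
        raise NameTooLong(f"{len(new_name)} chars exceeds {MAX_NAME_LEN}")
    updated = dict(accessories)
    updated[accessory_id] = new_name
    return updated


def load_accessories_unchecked(payload: str) -> dict:
    """Load path with no bound: trusts whatever the synced store holds.

    Models the gap the article describes: a device that validates new input
    but then loads a pre-existing oversized name anyway.
    """
    return {a["id"]: a["name"] for a in json.loads(payload)["accessories"]}


def load_accessories_checked(payload: str) -> tuple:
    """Load path that re-applies the bound on ingestion.

    Oversized names are replaced with a placeholder and their ids are
    returned separately so the caller can surface them for repair instead
    of handing the raw string to the UI layer.
    """
    names, rejected = {}, []
    for a in json.loads(payload)["accessories"]:
        if len(a["name"]) > MAX_NAME_LEN:
            names[a["id"]] = PLACEHOLDER_NAME
            rejected.append(a["id"])
        else:
            names[a["id"]] = a["name"]
    return names, rejected


def sample_payload(long_name_len: int = 500_000) -> str:
    """Constructed sample of a synced store (not HomeKit's real format).

    One accessory carries a name of long_name_len characters, the size
    Spiniolas reports using in his tests.
    """
    accessories = [
        {"id": "lamp-1", "name": "Living room lamp"},
        {"id": "lock-1", "name": "A" * long_name_len},
    ]
    return json.dumps({"accessories": accessories})


if __name__ == "__main__":
    payload = sample_payload()
    raw = load_accessories_unchecked(payload)
    print("unchecked load: lock-1 name length =", len(raw["lock-1"]))
    safe, bad = load_accessories_checked(payload)
    print("checked load: lock-1 ->", safe["lock-1"], "rejected:", bad)
    try:
        rename_accessory(safe, "lamp-1", "B" * 1000)
    except NameTooLong as err:
        print("rename refused:", err)
```

The point of the checked loader is that the bound lives at every ingress, including the one fed by the cloud sync, so a record written by an older client or by another member of the home cannot bypass it.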
According to Spiniolas, an attacker could invite an iOS user to a malicious HomeKit network, or rename a device on a HomeKit network the victim has already joined. He also worries that this could enable ransomware-style attacks, with the attacker holding the device "hostage" until a ransom is paid.
As Sophos' Paul Ducklin wrote on his blog last week, "The good news is that this bug will not allow attackers to spy on your phone (or HomeKit device), steal data such as passwords or personal messages, install malware, make fraudulent online charges, or disrupt your network."
Spiniolas says he informed Apple about the flaw on Aug. 10, 2021, but the company has repeatedly pushed back its target date for a fix, which is now "early 2022." We have asked Apple for an explanation.
If an iOS device does freeze because of this flaw (which seems unlikely for most users), Spiniolas says the only way out is a system restore, which completely erases the user data on the iPhone or iPad. (This is best done by "tethering" the device to a Mac or PC with a USB cable, but here is how to do an iOS system restore without a computer.)
When the restored device prompts you to sign in to your iCloud account, do not sign in, Spiniolas says. Instead, finish setting up the iPhone or iPad locally and sign in to iCloud afterwards from the Settings menu.
Spiniolas did not mention another possible route: if you have HomeKit and the Home app set up on a Mac (available on macOS 10.14 Mojave or later), it may be possible to rename the offending device directly from the Mac without factory-restoring the iOS device at all. That assumes, however, that the Mac version of the Home app does not share the same flaw.
Fortunately, avoiding an attack that exploits this flaw (unlikely as one is) is easy. As Sophos' Ducklin explains, the first step is not to let anyone who does not live with you join your HomeKit network, and not to join other people's HomeKit networks, even if invited.
To avoid getting stuck in a HomeKit crash loop, Ducklin also recommends removing Home from the iOS device's Control Center ahead of time.
Finally, and this is something all iOS users should do anyway, back up your device regularly to a Mac or PC so that you can restore your data without having to sign in to iCloud.