UPDATED 21:52 EST / DECEMBER 07 2017

EMERGING TECH

Apple patches HomeKit vulnerability that could have given burglars access to smart locks

Apple Inc. has patched a serious vulnerability in its HomeKit smart home software framework that could allow malicious actors to hijack and control any device connected using the platform.

The “zero-day” or previously undiscovered vulnerability, first reported by 9to5Mac today, allowed unauthorized control of accessories such as smart locks and garage door openers. Described as “difficult to reproduce,” the vulnerability would allow a hacker to take full control of any smart home device, such as smart lights, thermostats and plugs too. But it’s the locks and garage door openers that would give a would-be burglar easy access to an Apple user’s house or business.

Strangely, the vulnerability seemingly occurred only as a result of software coding in the last version of Apple’s mobile software. The company said in a statement that the issue affecting HomeKit users running iOS 11.2 has been fixed. “The fix temporarily disables remote access to shared users, which will be restored in a software update early next week,” it explained.

The first Apple HomeKit enabled devices went on sale in June 2015 as the company Steve Jobs built aimed to take on the likes of Samsung Electronics Co. Ltd. and Google LLC in smart home devices. Since then, devices using HomeKit have grown, but according to figures published earlier this year, Apple has struggled to make a dent in the market.

Indeed, one analyst, Edison Investment Research’st Richard Windsor, said it was “losing badly,” primarily because it didn’t have a direct competitor to Amazon.com Inc.’s Echo and Google’s Home smart speakers. Apple addressed that gap by announcing its “HomePod” smart speaker in June, but ongoing delays in bringing the product to market continue to leave it behind its competitors.

The good news for the relatively few Apple HomeKit-enabled device users is that Apple’s solution does not require any action on their behalf. The patch for the vulnerability has been deployed at the server level, with further fixes said to be available shortly.

Photo: Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU