HomeKit: A flaw could render an iPhone unusable

A bug in HomeKit can render an iPhone unusable, and you only need to change the HomeKit device name for it to show up.

Apple’s HomeKit home automation solution, like any computer system, is not invulnerable. The consequences of a security breach can be very different. Between identity theft and full control of the device, attackers capable of exploiting it can do a lot of damage. Today, a loophole in the system can render an iPhone completely unusable.

HomeKit bug could render iPhone unusable

Detecting security breaches is common. Therefore, what we are interested in is about HomeKit, and if used, it can render the iPhone unusable. Security researcher Trevor Spiniolas reports this on his blog. The man is at the origins of the discovery of this vulnerability, he recently shared the details on his website.

According to Trevor Spiniolas, it looks like this shortcoming is due to changing the name of the device connected to HomeKit to a name containing 500,000 characters. In the post in question, in particular, one can read: “When the name of a HomeKit device is changed to a very long string of characters (500,000 characters for the test), all devices with the iOS version suffer from this error, which tries to load this string will become impossible even after a restart. Restoring the device and reconnecting to the iCloud account that the HomeKit device is associated with will cause the error to reappear.”

And just change the name of the HomeKit device to show it

The researcher explains that he originally reported the bug to Apple in August 2021, but it’s now 2022, iOS 15.2 was recently rolled out, and the bug is still there. The Cupertino-based company apparently promised to fix the issue in another update before the end of 2021, but that didn’t happen. This explains why Trevor Spiniolas made the decision to make his discovery public.

That being said, users don’t seem to need to connect any device to HomeKit for their device to be affected by this bug. This may even affect users who are simply invited to a home containing a HomeKit device with a very long string of characters as their name. Victims will have a phone in their hands that doesn’t seem to be answering anymore, and entries on the virtual keyboard are either ignored or appear with a long delay.

I hope the Apple brand finds a solution soon.

CDN CTB