iOS HomeKit bug allowed remote access to smart locks

As consumers sit down at their computers to buy Christmas presents for the near and dear, the last thing they want to know about is a bug which allows the tech-savvy to override smart home devices.

Timing could have been better for Apple. The flaw, which was demonstrated to 9to5Mac by an unnamed source, granted access to unauthorised individuals who would be able to tap into internet-connected devices controlled by Apple’s smart home platform. A temporary patch has been released by Apple, disabling remote access to shared users, with a permanent fix promised next week.

The bug allowed unauthorized control of products such as smart locks, lights, thermostats, and plugs, and will only fuel concerns from some corners of the industry that the technology is being rolled out too quickly. While progress should not necessarily be stifled, with such bugs becoming more common you have to question how much of a concern security is in the early stages of development. The technology giants would obviously deny it, but it does appear security is still seen as a bolt-on as opposed to being woven into the foundation of new products.

And while offering nefarious characters the opportunity to wander carefree into customers’ houses would be a massive worry, you also have to wonder about the ripple effects of such bugs. Every time a story like this emerges the normalization of a technology takes a hit. Those sitting on the fence, in deep thought on whether to move into the digital age, are going to be thoroughly turned off by such a worry.

The main issue with consumer IoT right now seems to be speed. Every tech company is trying to rush products to market to capitalize on the buzz, which might mean little details are missed. The sprint to be competitive could be seen to be having a long-term negative impact on the normalization and acceptance of the technology. Something wonderful is put on the market, and because proper care and attention was not paid during development, it is a flawed product. One step forward and two steps back.

The vulnerability had nothing to do with the hardware side of the equation, but solely Apple’s HomeKit framework on iOS 11.2. Earlier versions of the operating software were not impacted by the flaw. According to 9to5Mac, the bug was reported to Apple back in October; however, not all of the issues were fixed as part of iOS 11.2 and watchOS 4.2, which were released this week.

Bugs in software happen, that is something we should all be used to by now, but the land grab we are witnessing in the rush to capitalise on the connected economy might only be compounding the situation. Hopefully these instances don’t damage the quest for consumer acceptance of new technologies, and perhaps at some point the tech companies will learn security cannot be considered an afterthought. We doubt it though; after all, it’s not the Apple executives’ houses which are going to be broken into.
