HomeKit bug: Device names that are too long can paralyze the iPhone

There is a bug in the current iOS versions for the Apple iPhone that can render the smartphone unusable. It results from a Denial of Service when HomeKit information is loaded from devices with names that are too long. Accidental triggering is unlikely because the smart home device would have to have a name with at least 500.000 characters. For people who target certain people and devices, it would be a means to (temporarily) paralyze the iPhone in question. Further information and background information in this post.

HomeKit bug warning from Trevor Spiniolas: Devices with too long strings for names can make the iPhone or iPad unusable. A risk for anyone who relies on smart home applications.

HomeKit bug warning from Trevor Spiniolas: Devices with too long strings for names can make the iPhone or iPad unusable. A risk for anyone who relies on smart home applications.

HomeKit bug warning from Trevor Spiniolas

Anyone who relies on smart technology in the house or in the apartment and controls everything via a single device is pretty lost when it refuses to work. But that is exactly what can happen with targeted attacks, warns security researcher Trevor Spiniolas on his website. In addition to the iPhone with versions of iOS 14 and iOS 15, the iPad with versions of iPadOS 14 and iPadOS 15 can also be affected. For example, an invitation to manage a household with an item deliberately named too long can result in a Denial of Service being triggered on the Apple device. It then has to be set up again.

Apple has been aware of the HomeKit bug since August

As shown in the linked information, Apple has been aware of the error since August 10, 2021. A corresponding update should come before 2022, but was postponed to "early 2022". Trevor Spiniolas found this handling of the warning insufficient and therefore made all available information publicly available as of January 1, 2022. If you are attacked by exploiting the bug, you have to set up your device again and get problems again as soon as it is connected to the iCloud account that is linked to the HomeKit. In an emergency, this can mean that z. B. at home in front of a locked door when you rely on a Smart Lock.

-

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.

Leave a Comment

Your e-mail address will not be published.