Apple Fixed iOS 11.2 Vulnerability That Allowed Unauthorized Access to HomeKit Devices

[dan110]

Apple's Software Engineering Devision seems to have turned into a bunch of amateurs.

How can they not have a specific team of people totally focused on security?

 

[jermwhl]

Did you say another software update next week I’m getting tired

I know! It's so work intensive to have to press "Download and Install". Come on Apple, just leave the vulnerabilities open, so we don't have to update our software so much. Stop patching iOS so much, it's inconvenient. Are one of these "/S" required in this case?

 

[Analog Kid]

First a vulnerability that lets you bypass security to gain superuser access to your Mac, then one that allows you to bypass security to gain superuser access to your home...

Hasn't been a good month, that's for sure...

 

[jdillings]

Forstall is laughing his ass off

 

[K. Bayquoi]

Wow, so much negativity against Apple. When Apple has full control of a product they usually do fantastic work. But in the case of HomeKit, Apple has had to contend with many third-party producers to tie their products into the HomeKit application. I am not surprised that there are not many more problems With third-party’s code stepping all over the Apple code and causing additional problems. At least Apple is pretty good at fixing the problems fast, once they are identified.

 

[avanpelt]

I mean most trust their home security to a small steel lock that really isn't all that difficult to bypass... How is this any easier than that to "hack"?

I do agree with you about the lock and the lack of real security it provides. Several years ago, my garage door keypad malfunctioned and it wouldn’t open the door after I got back from taking my dog for a walk. I left without my keys so I was locked out.

I called a locksmith and the guy who showed up had the lock drilled out, the deadbolt removed, and my door open in about two minutes.

 

[nhmerino]

Huge Homekit Bug
Home app stuck on loading accessories and scenes (Impossible to use Homekit)

https://forums.developer.apple.com/thread/48718

 

[69Mustang]

Wow, so much negativity against Apple. When Apple has full control of a product they usually do fantastic work. But in the case of HomeKit, Apple has had to contend with many third-party producers to tie their products into the HomeKit application. I am not surprised that there are not many more problems With third-party’s code stepping all over the Apple code and causing additional problems. At least Apple is pretty good at fixing the problems fast, once they are identified.

You read an article about a vulnerability in Homekit's framework but decided to post a comment throwing dirt on 3rd parties? I mean while we're at it, let's just blame the macOS hole and iOS issue on 3rd parties too. Not only do you unfairly disparage 3rd parties, you try to diminish Apple's culpability with "at least they are pretty good at fixing problems fast once they are identified". So they aren't at fault and they fix problems fast. Got it. We should be grateful.

I gotta preemptively apologize. For some odd reason I am unnaturally and unreasonably triggered by your post. I think it's the blame others but praise Apple's quickness take that's got me sideways. It's either that or the fact that the cat keeps sticking her paw in my scotch glass and drinking from her claw. Little bit of column A, little of column B maybe. Sorry.

 

[OldSchoolMacGuy]

I'm baffled how people can leave the security of their house, valuables, and loved ones in the hands of Apple software. Based on all the exploits going on lately, I wouldn't be surprised if just automatically let a stranger into your home and then pointed them to the valuables.

Have you watched the Android side at all? Much bigger issues lately. But they don't make news. Because anything Apple makes headlines. And this site makes money the more they turn up the problem and get page views. So everything is the worst in the world and the end of the world. Because that make people click and talk and load page after page. Thats where the blog money is.

 

[kstotlani]

at what point do you even think that complex code is ever bug free

When your life or life savings depends on it. E.g. the airlines you fly. I think it’s ok to have your phone OS drain your battery quicker, auto correct a to i etc. but people should not trivialize some of the major issues and symptoms that can be a big issue if a good hacker puts their mind to it. I don’t think Apple is doomed etc. they will get the root cause sorted but there are signs that they have to do something better in such cases where your homes could be opened due to a vulnerability. I say this because I am in the technology business and we definitely do lot more additional testing when it comes to critical components of an application. I bet there are a lot of changes happening at Apple as we speak but the mob in us will not be happy till a leadership head roles.

 

[69Mustang]

Have you watched the Android side at all? Much bigger issues lately. But they don't make news. Because anything Apple makes headlines. And this site makes money the more they turn up the problem and get page views. So everything is the worst in the world and the end of the world. Because that make people click and talk and load page after page. Thats where the blog money is.

I'm sure HomeKit users are taking solace in the fact they even though their software had a big security vulnerability Android has problems too. Misery loves company.

 

[kstotlani]

I do agree with you about the lock and the lack of real security it provides. Several years ago, my garage door keypad malfunctioned and it wouldn’t open the door after I got back from taking my dog for a walk. I left without my keys so I was locked out.

I called a locksmith and the guy who showed up had the lock drilled out, the deadbolt removed, and my door open in about two minutes.

There can be several arguments like these. Let me provide one for fun as I was thinking on the same lines. It would take 100 of those locksmiths to open 100 homes but it would take a long time while a 400 pound guy (Trump Russia hack reference) sitting in his basement could open more than a thousand homes within seconds.

 

[hface119]

I have been racking my brain trying to figure out why my Hue light automations were not working via Home, and realized I couldn’t connect to them on LTE when it always used to work - I too was going to reset HomeKit this weekend to see if it would fix it. I’m just relieved it was on Apple’s side and they’re actively addressing it. I only wish they would have told us sooner considering they’ve known since October. Would have saved the wondering and perhaps some people time if they went the reset/reconfigure route to no avail.

 

[iamtheonlyone4ever]

ok now seriously with all these bugs who wants to volunteer to try the apple car
beta or not I'm not getting on that car
I just don't trust ICAR OS
I like KITT from night rider better, now that's a self driving car you can trust

 

[neliason]

I mean most trust their home security to a small steel lock that really isn't all that difficult to bypass... How is this any easier than that to "hack"?

Yep. If someone is intent on breaking into a home, which is a serious crime, they have the options of picking a lock or just kicking the door in which is surprisingly easy. Not that a bug in software that protects or has the ability to record video and audio in your home isn’t serious.

 

[sunwukong]

apple software used to have a reputation

It's starting to get another one.

 

[M2M]

apple software used to have a reputation

They have a new reputation now. „We‘ll break it, we’ll fix it”. Long gone is the “it just works” mindset.

 

[alexhardaker]

They have a new reputation now. „We‘ll break it, we’ll fix it”. Long gone is the “it just works” mindset.

I really do hope they’re getting back into to the “it just works” mindset. It’s anazing how much has changed since Forstall’s departure

 

[Diving Capers]

It is unfortunate that Cook’s vision for what Apple should be appears to be the iPhone and quick iOS releases. The main hurdle Apple is currently facing is the limited vision of its senior management team, the issue is that, as long as the iPhone continues to do so well, there will be no hope of change.

The Mac and macOS will continue to suffer, silly design choices will continue to be made and the focus will continue to be on the fashion side instead of usability, quality and customer experience.

It is sad that Coook’s Apple is unwilling to see past the quick profits generated by the iPhone’s success. Maybe they believe that the future is in smartphones only and their roadmap is one that slowly neglects the Mac until the only real option for Apple fans is the iPhone, the iPad and whatever accessories they occasionally pump out.

It would be great to see Forstall back, however the chances are slim to none as long as Cook and Ive are still part of the company.

Apple urgently needs someone with a real vision for innovation and a no nonsense approach to quality control.

Hopefully their recent performance is just a bump in the road, however it is unlikely there will be real change as long as Cook is in control.

Cook’s only achievement is milking Job’s vision for every penny and bogging down everything Apple once stood for. Shame on him.

 

[WatchFromAfar]

at what point do you even think that complex code is ever bug free

No-one says complex code is going to be bug-free but it's kinda embarrassing when you're a Company that likes to pride itself on being secure and having things "just work".

 

[krazzix]

Reminds of me this commercial

 

[PBRsg]

Yup. The Walled Garden would be full of green. Not the current brown.

The overdid it with the cow manure...

 

[NightFox]

Apple's policy to rush out new versions of IOS each year is pathetic. Their quality control is complete garbage and before someone says, well IOS is a complex operating system having to support both current and many legacy devices ... I don't give a damn.

Apple used to stand for quality, but IOS has become a bloated operating system where the hype is always about new emojis. Apple needs to get off the annual release of major IOS versions and concentrate on efficiency and bug fixes.

Do you not think the practice of pushing out a new version of iOS every year is driven by customer demand and expectation, rather than an arbitary decision by Apple? The problem is, people expect a revolutionary, magical new iPhone every year and a new version of iOS packed with new features. Fail to provide and you lose customers, many more than you'll lose due to bugs that the majority of your customers aren't even going to know or care about.

And as for the emoji comment, I'm sure you know that that's not Apple's decision, and the hype surrounding emojis is generated by sites like MR; Apple themselves don't make that much of it.

 

[PBRsg]

Do you not think the practice of pushing out a new version of iOS every year is driven by customer demand and expectation, rather than an arbitary decision by Apple? The problem is, people expect a revolutionary, magical new iPhone every year and a new version of iOS packed with new features. Fail to provide and you lose customers, many more than you'll lose due to bugs that the majority of your customers aren't even going to know or care about.

And as for the emoji comment, I'm sure you know that that's not Apple's decision, and the hype surrounding emojis is generated by sites like MR; Apple themselves don't make that much of it.

So true, but you may be in the wrong place making that comment. Half of the comments here are: "Apple, give me something new to play with". Making an iPhone which looks like the previous one (even if the internals are completely different) is a cardinal sin. My priority, on the other hand, are devices which do not give me any problems and let me get on with what I want to do. Welcome to modern society, where everything is play and people have the attention span of a goldfish.

 

[Sevendaymelee]

I don't care if it ruffles feathers. Anyone who allows access to their car or home via app is a fool.