Apple Fixed iOS 11.2 Vulnerability That Allowed Unauthorized Access to HomeKit Devices

[Diving Capers]

What assumptions did I make about how you reached your point of view? My whole comment started with the question "why?". Why does anyone think Apple software would be better with Forstall in place? How had he demonstrated competence in systems with this level of complexity? What vision did he show?

I'm not assuming how you reached your point of view, I'm asking how you reached it. If it just boils down to "I don't like Cook, Cook fired Forstall, ergo Forstall must be awesome" then I don't find it very compelling. Forstall had a long tenure at Apple-- what tangible evidence is there for your point of view?

Jobs may have seen something in him, but was it anything more than his being a loyal lieutenant? Jobs kept him around, but Jobs also kept Cook and Ive around. Jobs selected Cook for the CEO slot. So if your opinion is predicated on Jobs' opinion, then Jobs thought Cook was the better successor.


To quickly address your other points: I don't need to know that the flaw happened while he was there because I'm not arguing it wouldn't have if he were. The fact that every iOS version under Forstall was jailbroken demonstrates that every version had serious security flaws. Cook didn't "oust" Forstall, he was Forstall's boss and fired him. He didn't do it in a hurry, he did it after a year and after several high profile failures. I wasn't there, so only know what I read, but most of the evidence suggests that none of the top management would work with Forstall-- which doesn't make him a likely coup leader. So, it's unlikely that Cook was threatened by him-- it's more likely that he saw no reason to retain someone that divisive and who refused to take responsibility for their own work.

To keep it simple but mostly because I have no interest in continuing this debate I’m going to have to say that we will have to agree to disagree.

We don’t all need to believe the exact same thing.... we are not lemmings after all.

 

[25ghosts]

apple software used to have a reputation

Still does... it just isn't as reputable as it used to

 

[RecentlyConverted]

apple software used to have a reputation

It did, but its getting a new one!

 

[Vasilioskn]

HomeKit is like Siri.... anything else is better lol

 

[melendezest]

What good is hacking into a home if you're not also physically there?

Um, invade your privacy, take nudie pictures/video of you, your wife, your kids, case the place so they can do mayhem later or when you least expect it, etc, etc.

You lack the imagination that criminals thrive on, my friend.

 

[vipergts2207]

Um, invade your privacy, take nudie pictures/video of you, your wife, your kids, case the place so they can do mayhem later or when you least expect it, etc, etc.

You lack the imagination that criminals thrive on, my friend.

I don't lack imagination, I just realize that every scenario has some potential vulnerability.

Security camera video stored locally? Can't be hacked, but a treasure trove of evidence at risk of theft in case of a break-in.

Security camera video stored offsite in the cloud? Can't be stolen by a thief, but possible to hack like you said.

Security camera video stored locally and offsite? Benefit of redundancy, but vulnerable to both previous scenarios.

No security cameras installed? Far less evidence with which to catch a thief in case of a break-in, though no possibility of videos of me walking around the house naked that nobody would want to see anyway.

 

[ErikGrim]

"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”

I’m guessing this is why I can’t add my wife (not registered with icloud error) to my newly set up home?

 

[melendezest]

I don't lack imagination, I just realize that every scenario has some potential vulnerability.

Security camera video stored locally? Can't be hacked, but a treasure trove of evidence at risk of theft in case of a break-in.

Security camera video stored offsite in the cloud? Can't be stolen by a thief, but possible to hack like you said.

Security camera video stored locally and offsite? Benefit of redundancy, but vulnerable to both previous scenarios.

No security cameras installed? Far less evidence with which to catch a thief in case of a break-in, though no possibility of videos of me walking around the house naked that nobody would want to see anyway.

I agree that there is nothing impenetrable.

But I see "home automation" in general compounds vulnerability.

In my case, the cameras in question would be outside, uploading to both the cloud (my phone) & local.

While they can potentially be hacked and used to determine entry and egress patterns, the only things they'd see is the outside of the house.

When used in conjuction with a robust home alarm system the vulnerabilities are mitigated significantly.

 

[ersan191]

Did this also disable multi-user geofencing? Because mine hasn't been working approximately since this article was posted.
[doublepost=1513025052][/doublepost]

Well my automation is not working now. I didn't think their server side disable would affect that.

Do you also have multi user geofencing set up for automation? Or is all automation (timers, etc) not working?

 

[KeithJenner]

"The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”

I’m guessing this is why I can’t add my wife (not registered with icloud error) to my newly set up home?

I hope that’s the reason.

I added a new light and room to HomeKit today, and the room didn’t show up on my wife’s app. I wasn’t aware of this issue, and decided to remove her and then add her again to force the changes. I’m now getting the unable to add error, and looking at the apple support forums it seems that a few people are having that same issue in the past couple of days.

I’m hoping that it will resolve with the update. At least ours are just lights so we can use the native app instead. Just losing some automation at the moment,

 

[ersan191]

I hope that’s the reason.

I added a new light and room to HomeKit today, and the room didn’t show up on my wife’s app. I wasn’t aware of this issue, and decided to remove her and then add her again to force the changes. I’m now getting the 7nable to add error, and looking at the apple support forums it seems that a few people are having that same issue in the past couple of days.

I’m hoping that it will resolve with the update. At least ours are just lights so we can use the native app instead. Just losing some automation at the moment,

Yeah looks like this is because of the problem, I'm having similar issues - gotta wait til 11.2.1 I guess.

 

[whsbuss]

Did this also disable multi-user geofencing? Because mine hasn't been working approximately since this article was posted.
[doublepost=1513025052][/doublepost]
Do you also have multi user geofencing set up for automation? Or is all automation (timers, etc) not working?

Yes I do. I turned it back on on the iPad acting as the hub, but it did not work (sunset today nothing happened).
[doublepost=1513029401][/doublepost]

Yeah looks like this is because of the problem, I'm having similar issues - gotta wait til 11.2.1 I guess.

I hope so because this really Sucks!

 

[K. Bayquoi]

You read an article about a vulnerability in Homekit's framework but decided to post a comment throwing dirt on 3rd parties? I mean while we're at it, let's just blame the macOS hole and iOS issue on 3rd parties too. Not only do you unfairly disparage 3rd parties, you try to diminish Apple's culpability with "at least they are pretty good at fixing problems fast once they are identified". So they aren't at fault and they fix problems fast. Got it. We should be grateful.

I gotta preemptively apologize. For some odd reason I am unnaturally and unreasonably triggered by your post. I think it's the blame others but praise Apple's quickness take that's got me sideways. It's either that or the fact that the cat keeps sticking her paw in my scotch glass and drinking from her claw. Little bit of column A, little of column B maybe. Sorry.

Sorry if you felt I was throwing dirt on 3rd parties developers. This comment had no relation to the recent venerability in HomeKit(which has been fixed). That was not my intention, but I see how you may have jumped to that conclusion. As a retired computer engineer(programmer), Apple has always been known for developing a "close" system architecture, different from windows(and now Android) which was considered more "open". This more "open" architecture was always preferred by most businesses(at least in my career) because so many of the demands from business clients simply could not be done, in the more restrictive close system of Apples. Yet for so many of the uses that the home user needed in a computer, it could be done within Apples system, as long as you were able to accept Apples way of doing it. Also this allowed Apple to create better security, more reliability, easier to use, and less issues with add-ons because Apple controlled tightly, the developing environment. There was truth in Apples marketing phrase, "it just works!". I finally grew tired of spending 8-12 hours a day creating, working and fixing computer problems in windows at work, and having to come home just wanting to read my email or surf the net, and having to spend another hour or so, fixing a blue screen or removing a virus(digging through the registry file) etc.etc.etc. Now that I am retired, I use Apple products exclusively. This "closed" architecture has allowed them to create a suite of very dependable products that talk and pass info back and forth between their products in a seamless manner, that no one else has been able to do, as effectively. My comment about the HomeKit was a bit misleading and perhaps said, out of frustration. I am presently trying to incorporate a number of home automation items and wanted to use HomeKit as the underlying connecting product. But have been frustrated, first because there are far fewer products out there, that are Homekit compatible, and have now been forced into using Echo Alexa, simply because it was first to market and has a much wider acceptance, with more products that are compatible than with HomeKit. HomeKit does, IMHO, have more security(that venerability has been fixed) than Amazon or Google. But today, Apple has fallen behind these others, in acceptance. Perhaps Apple will catch up(I hope). But...myself being a "3rd party developer" for part of my career, I understand how more difficult it becomes when you don't have full control of the developing product, but rather, have to depend on collaboration with an outside company for both products to come together and work properly. Hence, this frustration was probably at the root of my first comment....sorry.