A vulnerability named ‘doorLock’ in iOS has been discovered that uses HomeKit as an attack vector. Affecting devices running iOS 14.7 through 15.2, the vulnerability is capable of locking devices into a spiral of freezing, crashing, and rebooting if a user connects to an affected Apple Home device.
iOS vulnerable to HomeKit ‘doorLock’ bug
The vulnerability, discovered by security researcher Trevor Spiniolas, can be exploited through Apple’s HomeKit API. HomeKit is a software framework that lets users control smart home appliances from their iPhone or iPad.
If an attacker creates a HomeKit device with an extremely long name, larger than 500,000 characters, then an iOS device that connects to it will become unresponsive and enter a cycle of freezing and rebooting that can only be ended by resetting and restoring the device. If you have an affected device, follow these steps detailed by Spiniolas to restore your iCloud data:
- Restore the affected device from Recovery or DFU Mode
- Set up the device as normal, but do NOT sign back into the iCloud account
- After setup is finished, sign in to iCloud from settings. Immediately after doing so, disable the switch labeled “Home.” The device and iCloud should now function again without access to Home data.
In addition, since HomeKit device names are backed up to iCloud, signing in to the restored device with the same account will trigger the crash again until the user turns off the options to sync Home devices from iCloud.
To protect yourself against the attack, the main precaution you can take is to reject any invitations to join unfamiliar Home networks. In addition, users can further protect themselves by opening Control Center settings and disabling the “Show Home Controls” setting.
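The root of the problem described above is an untrusted attribute (an accessory name) of unbounded size being accepted, stored, and synced. The following Python snippet is an added illustration of the defensive pattern a client should apply, not code from Apple, HomeKit, or the researcher: bound the size of the whole payload before parsing it, bound each accessory name before it reaches the UI or persistent storage, and surface anything that hit a limit as an anomaly for logging or detection. The limits (MAX_NAME_LEN, MAX_PAYLOAD_BYTES), the field names, and the sample accessory list are all assumptions constructed for this example.

```python
import json

# Assumed limits for this example; neither comes from Apple's HomeKit
# specification or from the article. They only need to sit far below the
# >500,000-character names the article describes.
MAX_NAME_LEN = 64
MAX_PAYLOAD_BYTES = 1_000_000


def validate_accessory_name(raw_name, max_len=MAX_NAME_LEN):
    """Return (safe_name, reason).

    safe_name is always bounded and printable. reason is None when the
    name was accepted unchanged, otherwise a short tag for logging.
    """
    if not isinstance(raw_name, str):
        return "Unnamed accessory", "name-not-string"
    # Drop non-printable characters before the name reaches UI or logs.
    cleaned = "".join(ch for ch in raw_name if ch.isprintable())
    if not cleaned:
        return "Unnamed accessory", "name-empty"
    if len(cleaned) > max_len:
        return cleaned[:max_len], "name-too-long"
    return cleaned, None


def ingest_accessories(payload_json, max_len=MAX_NAME_LEN,
                       max_bytes=MAX_PAYLOAD_BYTES):
    """Parse a JSON accessory list and return (accepted, anomalies).

    Raises ValueError if the payload exceeds max_bytes, so an oversized
    blob is refused before it is parsed or stored at all.
    """
    if len(payload_json.encode("utf-8")) > max_bytes:
        raise ValueError("accessory payload exceeds size bound")
    accepted, anomalies = [], []
    for index, acc in enumerate(json.loads(payload_json)):
        raw = acc.get("name")
        name, reason = validate_accessory_name(raw, max_len)
        if reason is not None:
            anomalies.append({
                "index": index,
                "reason": reason,
                "raw_length": len(raw) if isinstance(raw, str) else 0,
            })
        accepted.append({"id": acc.get("id"), "name": name})
    return accepted, anomalies


# Constructed sample: one normal accessory, one with a 600,000-character
# name (the class of input the article describes), and one with an
# empty name.
SAMPLE_PAYLOAD = json.dumps([
    {"id": 1, "name": "Living Room Lamp"},
    {"id": 2, "name": "A" * 600_000},
    {"id": 3, "name": ""},
])


if __name__ == "__main__":
    accepted, anomalies = ingest_accessories(SAMPLE_PAYLOAD)
    for entry in accepted:
        print(entry["id"], repr(entry["name"][:20]))
    for anomaly in anomalies:
        print("anomaly:", anomaly)
```

The two checks deliberately operate at different layers: the byte bound rejects a grossly oversized sync record outright, while the per-name bound keeps a single bad accessory from spoiling an otherwise valid list, and the anomaly record gives a defender something to alert on rather than a silent truncation.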
According to the security researcher who publicly disclosed the details of the bug, Apple has known about it since August 10, 2021. But, despite repeatedly promising to fix it, Spiniolas says the tech giant has pushed the security update further out, and it remains unresolved.
On December 8th, Apple revised its estimate to introduce a fix to “early 2022.” The researcher then informed them on December 9th that he would publicly disclose this information on January 1st, 2022.
“Apple’s lack of transparency is not only frustrating to security researchers who often work for free, it poses a risk to the millions of people who use Apple products in their day-to-day lives by reducing Apple’s accountability on security matters,” Spiniolas wrote on his website.
A video of the bug triggering after a restore can be seen below: