Developer details Apple HomeKit vulnerability that left locks and cameras open for a month

Channel:
Tech House
Subscribers:
957
Published on ● Video Link: https://www.youtube.com/watch?v=nCUpasiYidY


Duration: 4:44
44 views
0

Developer details Apple HomeKit vulnerability that left locks and cameras open for a month.
Opening your garage door with an Apple Watch? If you’re the one opening the door via HomeKit, that’s pretty cool. But what if a stranger can also access your home? Not so cool.

Back in October, a developer discovered that exact vulnerability in Apple’s HomeKit home automation platform, which launched with the claim that it was “designed with privacy and security from the very beginning,” requiring brand-new accessories with Apple-approved security components. After a month of frustrating attempts to get Apple to fix HomeKit’s security hole, the developer took to Medium to discuss the issue, as well as his concerns about Apple’s “ignorance on security” and dangerously slow response protocols.

Writing under the name “Khaos Tian,” the developer says that HomeKit would readily share lists of both HomeKit accessories and encryption keys over insecure sessions with Apple Watches running watchOS 4.0 or 4.1. With those formerly top secret details in hand, the attacker could act like the home’s owner, controlling every HomeKit accessory from door locks to IP cameras and light switches — whatever had been trusted to Apple’s system.

Tian says that he quickly reported the issue to Apple Product Security. But rather than fixing it, Apple engineers actually widened the security hole with the releases of iOS 11.2 and watchOS 4.2. At that point, both Apple Watches and unauthorized iOS 11.2 devices could receive the sensitive HomeKit information, broadening the array of potential attacks. Concerned about the issue, Tian attempted to follow up with Apple by emailing at the beginning, middle, and end of November, but received no response after an initial October reply that the company would be looking into the problem.



Other Videos By Tech House


2017-12-20Amazon still dominates the smart speaker market — but the competition is closing in AMZN,
2017-12-20If you think AI is terrifying wait until it has a quantum computer brain
2017-12-20Facebook has a giant, Europe sized legal problem
2017-12-20The amazing changes intermittent fasting does to your body and brain
2017-12-20Tidal reminds us it still exists with Android TV and Apple TV apps
2017-12-20Salesforce Brazil head steps down
2017-12-20The UK calls internet access a 'legal right' like water and power
2017-12-20Lenovo has a 27 inch QHD monitor for $200
2017-12-20Is automated flying the future of air travel
2017-12-20Walmart is reportedly developing a store of the future with no cashiers
2017-12-20Developer details Apple HomeKit vulnerability that left locks and cameras open for a month
2017-12-20The Full Nerd episode 37 2018 PC predictions and eating our words
2017-12-20Elon Musk a ccidentally tweets phone number while trying to reach Oculus executive
2017-12-20Developer accuses Apple of slowing down old iPhones to save b attery life
2017-12-20Apple will reportedly unify iOS and macOS apps in 2018
2017-12-20Tinyclues Partners with Cruiseline to Transform the Company’s Marketing Campaign Strategy
2017-12-20Nokia 9 Specs Leak Worth the Hype
2017-12-20This travel agency doesn’t reveal your destination until your plane takes off
2017-12-20Going door to door as teenage evangelist taught me the secret of entrepreneurship
2017-12-20Uber should be regulated as a regular taxi company, top EU court rules
2017-12-20Coinbase is investigating insider trading after it enables — and then disables — bitcoin


Tags:
Developer
details
Apple
HomeKit
vulnerability
that
left
locks
and
cameras
open
for
month
Developer details Apple HomeKit vulnerability that left locks and cameras open for a month