Poor handling of the names of connected devices makes it possible to freeze the operating system. No patch is available at this time.
Security researcher Trevor Spiniolas has just revealed the existence of a flaw in Apple’s HomeKit home automation software that allows a denial of service to be triggered on any device running iOS, including the current version 15.2. The bug lies in the handling of the names of devices connected to a HomeKit network. If any of these names is too long (over 500,000 characters, for example), any iOS device that connects to that network will crash, as can be seen in this video.
The most likely attack scenario is that a hacker creates such a HomeKit network and then invites someone to join it. If the person accepts, the device downloads the data from that HomeKit network through iCloud, and the operating system then freezes. The only way out is to restore the device without signing into iCloud. Once the device is operational again, you can sign in to iCloud as long as you immediately deactivate access to HomeKit, to avoid downloading the malicious data.
Obviously, this solution is not very satisfactory, because it means losing the HomeKit functionality. Those with Xcode development skills can take it a step further and use the exploit code that Trevor Spiniolas posted on GitHub to rename all the devices in the malicious HomeKit network. Unfortunately, there is no easier way to fix the problem.
Apple was alerted to this problem on August 10, 2021. The company has indicated that it will provide a fix in “early 2022”, but the researcher believes that this flaw deserves more attention. “I think this bug allows ransomware to be created on iOS, which is incredibly important,” he said in a blog post. In view of this risk, Mr Spiniolas felt that it was better to inform the public now rather than wait for the publication of a patch.