Apple’s iOS mobile operating system is vulnerable to the new HomeKit ‘doorLock’ bug. This persistent denial-of-service (DoS) vulnerability is capable of sending affected devices into a crash or reboot loop upon connecting to an Apple Home-compatible appliance.
The ‘doorLock’ bug can be triggered by changing the name of a HomeKit device to a string larger than 500,000 characters. An iPhone or iPad that tries to connect to the device becomes unresponsive and enters an indefinite cycle of system failure and restart. This can only be mitigated by restoring the affected device from Recovery or DFU (Device Firmware Update) Mode.
HomeKit is a software framework offered by Apple on iOS and iPadOS devices. It lets users configure, communicate with, and control connected accessories and smart home appliances using Apple devices.
According to security researcher Trevor Spiniolas, “Any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting. Restoring a device and signing back into the iCloud account linked to the HomeKit device will again trigger the bug.”
The latest iOS versions, 15.2 and 14.7, are vulnerable to the bug, and it is also likely to affect iOS 14 versions from 14.0 onward. Apple was made aware of the bug on August 10, 2021, and it is aiming to resolve the flaw in early 2022.
As a mitigation, Apple has already introduced a local size limit on the renaming of HomeKit devices. Spiniolas stated that the core issue of how iOS handles HomeKit device names remains unresolved.
Bad actors can exploit the doorLock bug by sending a malicious invite to connect to a HomeKit device that has an abnormally large string as its name, effectively locking users out of their local data and preventing them from logging back into iCloud on iOS.
HomeKit device names are also stored on iCloud, which makes matters worse: signing in to the same iCloud account with a restored device will set off the crash once again. This can only be avoided if the device owner opts to switch off the option to sync HomeKit data.
Spiniolas further added, “This bug poses a significant risk to the data of iOS users, but the public can protect themselves from the worst of its effects by disabling Home devices in [the] control center in order to protect local data. I believe this issue makes ransomware viable for iOS, which is incredibly significant.”