iOS 15.2.1 Patches Fairly Serious ‘doorLock’ HomeKit Security Flaw

Home App in Apple App Store on iPhone 11 Pro Credit: Elijah Fox / iDrop News

Earlier this month, a security researcher discovered a fairly serious security flaw in Apple’s HomeKit framework that had the potential to render your iPhone unusable, even after restoring it from an iCloud Backup.

The researcher, Trevor Spiniolas, called the vulnerability doorLock, and while he may have overstated the risk of encountering the flaw, there’s no denying that it’s a serious problem, and potentially dangerous for anybody who does find themselves exposed to it.

The good news, however, is that iOS 15.2.1 fixes this bug, providing yet another reason why it’s always a good idea to stay abreast of the latest iOS updates.

In fact, it’s the only security update listed for iOS 15.2.1. Apple describes the impact as “Processing a maliciously crafted HomeKit accessory name may cause a denial of service,” and credits Spiniolas with the discovery.

While it’s good that Apple finally addressed this issue — better late than never — the whole reason that Spiniolas went public with it on January 4 was that Apple had otherwise been dragging its heels on a fix. Spiniolas notes that he reported the problem to Apple on August 10, 2021, and the company promised to issue a fix by the end of the year. However, when Apple revised that in December to “early 2022,” Spiniolas told them he’d be going public with it on January 1, as he had waited long enough and felt it was important for people to know about it.

The Dangers of doorLock

According to Spiniolas’ testing, the flaw is triggered when iOS 15.2 or earlier encounters a HomeKit device name with more than 500,000 characters. This causes any iPhone or iPad that sees this device name to immediately reboot, continuing into an endless cycle of restarts as it tries — and fails — to process the “maliciously crafted” device name every time it starts up.

Since HomeKit accessories are also synced to other iOS devices via iCloud, this also has the potential to impact all of a user’s devices, and possibly even those belonging to their family members.

Even restoring from an iCloud Backup doesn’t solve the problem, as the HomeKit devices will be restored as part of that backup, at which point the iPhone or iPad will detect the malicious device name and go right back into a cycle of endless reboots.

If you’ve already been hit by this bug, there appears to be no way out except to restore your iPhone from an iCloud backup and avoid signing in to iCloud during the setup process. With iOS 15.2 and earlier, you had to sign in to iCloud after the setup was completed, and then quickly disable HomeKit sync in iCloud settings before the corrupted data could be pulled back down.

Now that iOS 15.2.1 fixes the problem, however, you should be able to simply update your device to this latest version of iOS before restoring from iCloud. Of course, if you haven’t encountered the problem at all, then iOS 15.2.1 will simply protect you from being affected by it in the first place.

To be clear, the likelihood of falling victim to this flaw was pretty slim, since as Apple notes, it requires a “maliciously crafted” — that is, deliberately created — HomeKit device name.

You’re not going to run into a HomeKit device with a 500,000 character name by accident; this would have to be either a targeted attack by a hacker who breaks into your HomeKit network, or a phishing attack that convinces you to join a fake HomeKit home that contains one or more of these offending devices.

It’s worth keeping in mind, however, that just because Spiniolas found the flaw occurring only with extremely long device names doesn’t mean that there aren’t other “maliciously crafted” device names that could trigger this flaw. It’s likely that the iOS 15.2.1 fix addresses all of these possibilities, so if you’re a HomeKit user, it’s still a good idea to update right away.
