"An Apple HomeKit Bug Can Send iOS Devices Into a Death Spiral"

New security research has revealed a vulnerability that can cause iOS devices to freeze, crash, and reboot if a user connects to a sabotaged Apple Home device. The bug, discovered by security researcher Trevor Spiniolas, can be exploited via Apple's HomeKit API, which is the software interface that enables an iOS app to control compatible smart home devices. According to Spiniolas, if an attacker creates a HomeKit device with a significantly long name, such as one with a length of around 500,000 characters, then an iOS device connecting to it will become unresponsive when it reads the device name. The iOS device will start freezing and rebooting, which can only stop if the device is wiped and restored. Users are urged to immediately reject any invitations to join an unfamiliar Home network in order to protect themselves from the attack. In addition, iOS users currently using smart home devices should disable the setting "Show Home Controls" in the Control Center to limit which information can be accessed through the center. The new vulnerability impacts the latest iOS version, 15.2, and goes as far back as version 14.7. This article continues to discuss the potential impact of the Apple HomeKit vulnerability, how iOS users can guard against an attack executed through this bug, and Apple's response to the disclosure of the flaw. 

The Verge reports "An Apple HomeKit Bug Can Send iOS Devices Into a Death Spiral"