Huge iOS 11.2 Security Issue: Homekit Allows Hackers to Unlock Users’ Doors Remotely

iOS 11.2 homekit

The new iOS 11.2 update fixed some unexpectedly reboot issues, but because it was rushed, it appears to have introduced some as well! One such security problem is a flaw in HomeKit that allows unauthorized parties to access controls in your home.

Let's Learn More about the iOS 11.2 HomeKit Security Issue?

An anonymous source recently discovered a bug of iOS 11.2 that allows hackers access to a user’s HomeKit app, allowing them to possibly unlock doors remotely. Obviously, this kind of flaw moves beyond the realm of cyber security, as it could potentially be used by thieves to physically enter someone’s house. Taking advantage of a feature that allows users to share access to the house with others, hackers could theoretically gain access to properties.

Luckily, the issue seems difficult to reproduce consistently, and it doesn’t seem to have been exploited yet by actual intruders. Just in case, Apple temporarily disabled the “shared users” function of HomeKit (which was part of the vulnerability), patching up the flaw for the moment. Apple says that they will fix the issue permanently in the coming update. They may have known about the vulnerability as early as October, but it was not publicized until recently.

Since the fix was done server-side, users don’t need to do anything and there is no need to update any software. The patch is automatic—though users will lose the ability to share access to HomeKit with other users until the final patch comes out.

This is one of a few issues with iOS 11.2, a new update that was rushed into release—ironically to address some serious security and functionality issues with the update before this.


Hacker

What Hackers with Malicious Intent Can Do

In this particular security breach, naturally a hacker working with a real-life thief could conspire to get inside your house and rob you. There is no evidence that this has happened yet—but it does expose some of the flaws of HomeKit in general. Could it be subject to other security breaches in the future?

Nowadays, with mobile phones more connected than ever, hackers can violate your privacy in many ways. They can:

  • Harvest personal data to sell or leak on the Internet, and sometimes they can even collect financial data to sell to criminals.
  • Phish information from you by spoofing a common app that you trust.
  • Inject malware into apps you use, so that they can steal your passwords.
  • Use malware to record your keystrokes.
  • Capture your private data as it travels wirelessly.
  • Steal company secrets or intellectual property.
  • Use your device to access a larger network that it is a part of—for example, your company intranet.

This is why it’s important to protect yourself as much as you can. Paying attention to mobile security is a must, or you could find yourself in the midst of one of these common security breaches.

How Can iOS Users Protect Their Privacy from Hacking Attacks

Though nothing is foolproof, you can take steps to protect yourself from hackers and malicious software. Here are some of the ways that you can keep your mobile device as safe as possible:

Tip 1: Erase the Data on Your iPhone

Erase the data on your phone, especially if you want to give your device away, sell it, or recycle it. If it leaves your hands, remove all the data first. Factory resetting it is one way to do this, but unfortunately, this doesn’t mean that the data isn’t recoverable with special recovery software.

If you want to permanently remove your data beyond recovery, use a tool like iMyFone Umate Pro for Win or for Mac to scramble the data. Even a hacker can’t recover your private info if you do this.

Try It FreeTry It Free

3 Simple Steps to Erase iPhone Data with Umate Pro:

Step 1. Launch Umate Pro on your computer with your iPhone plugged in, and then choose erasing mode, like “Erase Deleted Files”.
Step 2. Click Scan and preview your iPhone data which was deleted before.
Step 3. Select the files you want to erase and click Erase Now.
Erase Deleted Files

Why Choose iMyFone Umate Pro to Erase Data:

  • Data that is erased is 100% unrecoverable by any tool or organization, including FBI!
  • You can delete your private data permanently (without deleting all the info on your iPhone).
  • You can completely remove data and incomplete fragments from third-party apps, like WhatsApp, Snapchat, WeChat, Facebook, and 10+ more.
  • You can permanently erase files that you previously deleted manually (but that are still present and recoverable in your device drive).
  • A great amount of professional software review sites recommend iMyFone Umate Pro to protect privacy, including MacWorld, iPhoneinCanada, APPKED, etc.

Tip 2: Activate Find My iPhone

If you want to keep your phone from getting stolen, one of the best things that you can do is to activate Find My iPhone in “Settings > iCloud”. This way, if you lose your phone, you can use the phone’s own location services to zero in on its position.

Tip 3: Revoke Your App Permissions

If an app doesn’t have intrusive permissions, then if it is injected with malware, it has less power over your phone. Go to Settings > Privacy and manage app permissions, making sure that the apps on your phone don’t have more permissions than necessary. For example, why should your Sudoku app have access to your contacts? Keep an eye out for this kind of thing.

Tip 4: Turn Off Auto-Fill

Auto-Fill can help you save info that you have to input repetitively. Though it might be useful that it can save your passwords and credit card info for later use, if a hacker ever has access to your device, with all that recorded private information, they can quickly gain access to your other accounts or even steal money from you.

You can turn off auto-fill in “Settings > Safari > AutoFill”.

Tip 5: Use a Virtual Private Network

What is a VPN? It’s basically a proxy that lets you access the Internet through a server, instead of exposing your real IP address for the world to see. This can make things a bit more secure.

Tip 6: Use an Anti-Virus

Use an anti-virus on your iOS device, especially if your iPhone is jailbroken (BTW, it’s not suggested to jailbreak iPhone). This will help protect you against malware-based attacks. While you’re at it, it’s a good idea to use an anti-virus on your computer, too, especially if you use Windows.

There are many ways to protect yourself from a mobile attack. Just remember to never take your security for granted!