A new issue has emerged in Apple HomeKit that affects iOS 14.7 through the current iOS 15.2. It is a persistent denial-of-service vulnerability that has been given the “doorLock” moniker. For those unaware, HomeKit is Apple's software framework that lets iPhone and iPad users control smart home appliances directly from their handsets.
Security researcher Trevor Spiniolas publicly disclosed the details. According to him, Apple has known about the flaw since August 10, 2021; nearly five months have passed and the company has not addressed it. Despite repeated promises to fix it, the researcher says, Apple has pushed the security update back again and again, and the issue remains unresolved. To trigger “doorLock”, an attacker changes the name of a HomeKit device to a string larger than 500,000 characters.
Spiniolas has released a proof-of-concept exploit in the form of an iOS app that has access to Home data and can change HomeKit device names. Even if the target user has no Home devices added in HomeKit, there is still an attack path: the attacker forges an invitation to a Home and the target accepts it. When a device running a vulnerable iOS version tries to load the oversized name, it is pushed into a denial-of-service state, and the only way out is to reset it. Resetting, however, wipes all user data. To recover it you need a backup; without one, the data is gone.
An attacker can use this issue to lock iOS 15.2 devices into an unusable state
When the device reboots and the user signs back into the iCloud account that holds the HomeKit data, the oversized name is synced down again and the bug is re-triggered. The researcher states that this could be used as a ransomware vector: an attacker locks iOS devices into an unusable state and demands a ransom to set the HomeKit device name back to a safe length. Worth noting that, in the normal case, only someone who already has access to your “Home” can exploit the bug; otherwise the attacker has to get you to manually accept an invitation to their Home.
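A stripped-down model of the failure mode, added here as an illustration and not code from the researcher's proof of concept or from Apple: a cloud-synced Home record with one accessory name, a client whose rendering cost grows with that name's length, and an assumed 64-character cap. The names, limits and the repair strategy are all assumptions made for the example. The point it shows, which the text only implies, is that a write-path length check does nothing once a poisoned record is already in the cloud: the read path must bound the field too, and recovery must not depend on the code that hangs.

```python
# Constructed model of the doorLock failure mode; not Apple's or the
# researcher's code. Assumed values: a 64-character name cap and a render
# budget of 10,000 characters beyond which the client is treated as hung.

MAX_NAME_LEN = 64        # assumed cap; the real HomeKit limit is not stated on the page
RENDER_BUDGET = 10_000   # assumed: characters a render can handle before the client wedges


class CloudHome:
    """Stand-in for cloud-synced Home data, delivered to every client at sign-in."""

    def __init__(self, accessory_name: str = "Front Door Lock") -> None:
        self.accessory_name = accessory_name

    def rename(self, new_name: str) -> None:
        # No write-path validation: any member of the Home can push any string.
        self.accessory_name = new_name


class RenderHang(Exception):
    """Models the device becoming unresponsive while loading the name."""


def naive_sign_in(cloud: CloudHome) -> str:
    """Unhardened client: loads and renders the synced name with no size check.
    Every sign-in re-fetches the same record, so the hang persists across reboots."""
    name = cloud.accessory_name
    if len(name) > RENDER_BUDGET:
        raise RenderHang(f"rendering {len(name)} characters exceeded the budget")
    return name


def validated_rename(cloud: CloudHome, new_name: str) -> bool:
    """Write-path check: refuse to persist (and therefore sync) an oversized name."""
    if not new_name or len(new_name) > MAX_NAME_LEN:
        return False
    cloud.rename(new_name)
    return True


def hardened_sign_in(cloud: CloudHome) -> str:
    """Read-path check: a record that got past the write path (older client,
    forged invite) is clamped before rendering, and the clamped value is written
    back so later sign-ins, on this or any other device, no longer see the poison."""
    name = cloud.accessory_name
    if len(name) > MAX_NAME_LEN:
        name = name[:MAX_NAME_LEN]
        cloud.accessory_name = name
    return name


def demo() -> dict:
    """Runs the attack against both clients and reports what each one saw."""
    cloud = CloudHome()
    cloud.rename("A" * 500_000)            # attacker with Home access pushes the payload
    seen = {}
    for attempt in ("first_sign_in", "after_reboot"):
        try:
            naive_sign_in(cloud)
            seen[attempt] = "ok"
        except RenderHang:
            seen[attempt] = "hung"          # same record, same result, every time
    seen["hardened_name_len"] = len(hardened_sign_in(cloud))
    seen["naive_after_repair"] = "ok" if naive_sign_in(cloud) else "hung"
    seen["oversized_rename_rejected"] = not validated_rename(cloud, "B" * 500_000)
    seen["normal_rename_accepted"] = validated_rename(cloud, "Front Door Lock")
    return seen


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the naive client hanging on the first sign-in and again after the simulated reboot, while the hardened client clamps the name, writes the clamped value back, and thereby also unblocks the naive client. Writing the repaired value back is a design choice for the example, chosen so that the recovery path never has to execute the rendering code that the payload defeats.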
There is a way to limit the impact of this issue: disable Home devices in Control Center. Users should also beware of suspicious invitation messages from email addresses that resemble Apple services or HomeKit products. To regain normal access to an affected device, restore it from Recovery or DFU mode, then set it up as usual but do NOT sign back into the iCloud account, because signing in re-syncs the Home data and re-triggers the bug.
According to the researcher, Apple's latest estimate for fixing the bug is “early 2022”. The fix is expected to arrive in an upcoming security update, which will certainly reach devices running iOS 15.2. What happens to iPhones and iPads left on older affected versions is not yet known.