Apple made it clear that it has issued a fix for an iOS security flaw that left key connected home hardware open to unauthorized third-party access. This bug reportedly made it possible for an outside party to access things like smart locks and garage doors.
“The issue affecting HomeKit users running iOS 11.2 has been fixed,” uttered by an Apple spokesperson . “The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”
The fix appears to be a server-side update. This also means that users with 11.2 won’t be opened to have all of the standard remote HomeKit functionalities, until Apple rolls out something more permanent next week. Getting that functionality back will needs updating to the latest version of iOS.
The initial report doesn’t detail the specifics of the exploit in its post, only noting that, “The vulnerability required at least one iPhone or iPad on iOS 11.2, the latest version of Apple’s mobile operating system, connected to the HomeKit user’s iCloud account.” It appears to be a difficult one to replicate and doesn’t impact earlier builds of the operating system. But it may highlight concerns around smart home functionality as users connect more pieces of their home to an ecosystem like HomeKit, Assistant or Alexa.
Bugs are part of any software solution, and Apple’s rushed to fix a couple of prominent ones on macOS and iOS in recent weeks. Like those, the company’s patched things up here with, hopefully, minimal inconvenience to the end user. But as always, it’s important to make a cost-benefit analysis of a connected home offering to decide if it’s the right fit.