Apple has fixed an issue in iOS 11.2 that could allow unauthorized access to HomeKit products. The issue was first reported by 9to5Mac.
Apple provided a short statement to the site:
“The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week.”
More precise details about the vulnerability weren’t mentioned, but the original report said that it was “difficult to reproduce.” The site also didn’t mention how it found out about the issue:
“We also understand that Apple was informed about this and related vulnerabilities in late October, and some but not all issues were fixed as part of iOS 11.2 and watchOS 4.2 which were released this week. Other issues in this category were fixed server-side from Apple so end users needed to take no action.”
The issue wasn’t in individual smart home products but in the HomeKit framework itself. While all types of HomeKit products were affected, it should definitely be concerning to anyone with a smart lock or smart garage door opener.