Apple has been taking its time fixing an iOS bug that makes it easy for miscreants to completely disable an iOS device unless the victim performs a factory restore and follows other cumbersome steps, a researcher said.
HomeKit is an Apple-designed communication protocol that allows people to use their iPhones or iPads to control lights, TVs, alarms, and other home or office appliances. Users can configure their devices to automatically discover appliances on the same network, and they can also share those settings with other people so they can use their own iPhones or iPads to control the appliances. The sharing feature makes it easy to allow new people—say, a housesitter or babysitter—to control a user’s appliances.
Trevor Spiniolas, a self-described programmer and “beginning security researcher,” said recently that a bug in the feature allows someone to send an iOS device into an unending crash spiral. It can be triggered by using an extremely long name—up to 500,000 characters in length—to identify one of the smart devices and then getting a user to accept an invitation to that network.
This post has been read 16 times!