Researchers have published a new vulnerability in Apple iOS devices that could let an attacker make the device completely unresponsive. The flaw, tracked as ‘DoorLock’, was found in HomeKit on iOS. It allows an attacker to perform a denial-of-service attack on a vulnerable iOS device, leaving it almost unresponsive. Since Apple has not fully fixed the bug, it is all the more important for iOS users to be aware of the flaw and take the steps needed to protect their Apple devices from the DoorLock vulnerability. We have published this post to explain the flaw and show you how to protect your Apple device from it.
What Is Apple HomeKit?
HomeKit is a central management system built by Apple that lets users manage smart devices such as lights, locks, plugs, cameras, and more from their Apple devices. It enables Apple users to control all their connected smart devices over the internet, much like Google Assistant or Amazon’s Alexa. It lets you turn lights on and off, change their color if they are multicolored, dim or brighten them, run air conditioners and heaters on your schedule, start a recording or take a picture from your smart camera, and do pretty much everything else your smart devices can do. You just need to register the smart devices with your Apple ID to make them work from your Apple device. Read more about HomeKit from here.
What Is DoorLock Vulnerability?
The DoorLock vulnerability is associated with Apple HomeKit and lies in how the name of a smart device is set. HomeKit sets no limit on the length of a device name, so the name can be set to a very large string of more than 500,000 characters. When an iOS device then tries to load that name, it is disrupted. In most cases, the vulnerable device will crash, become unresponsive, and may enter a reboot loop. Once the vulnerability has been triggered and the device has become unresponsive, rebooting does not bring the device back under your control. Restoring the device will also not solve the problem as long as you sign in to the same iCloud account linked to the HomeKit device. Because this data is stored in iCloud, restoring a device the bug was triggered on and then signing back into the associated iCloud account will trigger the bug again.
Created by Trevor Spiniolas
According to Trevor Spiniolas, the security researcher who publicly disclosed the vulnerability:
- “If the bug is triggered on a version of iOS without the limit and the device shares HomeKit data with a device on an iOS version with the limit, both will still be affected.
- If a user does not have any Home devices added, the bug can still be triggered by accepting an invitation to a Home that contains a HomeKit device with a large string as its name.
- The bug can also be triggered on versions without the length limit by simply copying a large string of text and pasting it when manually renaming a Home device, although the Home app may crash when doing so”
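The first point in the quote implies that a length limit enforced only where a name is typed does not protect a device that later loads the same shared data. The sketch below is an added illustration of that point, not Apple's code or anything from the researcher's report; `SyncedHome`, the function names and the 64-character limit are assumptions made for the example.

```python
# Added illustration: a toy model, not Apple's HomeKit code or API.
MAX_NAME_LEN = 64          # assumed limit; the page does not state Apple's value
PLACEHOLDER = "Unnamed accessory"


class SyncedHome:
    """Stands in for Home data shared between devices through a cloud account."""
    def __init__(self):
        self.names = {}    # accessory id -> display name


def rename_ui_limited(home, acc_id, name):
    """Client WITH the limit: rejects oversized input at the rename prompt."""
    if len(name) > MAX_NAME_LEN:
        raise ValueError("name too long")
    home.names[acc_id] = name


def rename_unlimited(home, acc_id, name):
    """Client WITHOUT the limit (older version): stores whatever it is given."""
    home.names[acc_id] = name


def load_trusting(home):
    """Loads synced names as-is; an oversized name reaches the renderer."""
    return dict(home.names)


def load_validating(home):
    """Treats synced data as untrusted: checks length on every load."""
    safe, rejected = {}, []
    for acc_id, name in home.names.items():
        if not isinstance(name, str) or len(name) > MAX_NAME_LEN:
            safe[acc_id] = PLACEHOLDER
            rejected.append(acc_id)
        else:
            safe[acc_id] = name
    return safe, rejected


def demo():
    home = SyncedHome()
    rename_ui_limited(home, "lamp", "Desk lamp")
    rename_unlimited(home, "lock", "A" * 500_001)   # constructed oversized name
    trusting = load_trusting(home)
    safe, rejected = load_validating(home)
    return len(trusting["lock"]), safe, rejected
```

The same load-time check would apply to data arriving through an accepted Home invitation, since that is also shared data the receiving device did not write itself.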
Apple iOS Versions Affected With DoorLock Vulnerability:
The report says that all versions of iOS 14 and 15 are vulnerable to the flaw. A test was conducted on iOS versions from v14.7 through the latest, v15.2, and all of them were found vulnerable to DoorLock. It is not known whether the vulnerability affects versions older than v14.
How To Prevent Apple Devices From DoorLock Vulnerability?
An attacker would prefer to send Home invitations to the victim rather than Application invitations to exploit the vulnerability, since invitations do not require the user to actually own a HomeKit device. The attacker can send the invite over email and trick the user into accepting the invitation, which triggers the vulnerability on the device. There is no formal way to fix the DoorLock vulnerability, as Apple has not released security updates that fix the flaw. Follow these tips to protect your Apple device from the DoorLock vulnerability.
- Turn off the HomeKit devices in the control center until Apple releases a fix for DoorLock Vulnerability.
- Don’t accept suspicious invitations from unknown or untrusted sources over email.
- If you are victimized by the attack, follow these three steps to restore your data from iCloud:
  - Restore the affected device from Recovery or DFU Mode.
  - Set up the device as normal, but do NOT sign back into the iCloud account.
  - After setup is finished, sign in to iCloud from settings. Immediately after doing so, disable the switch labeled “Home.” The device and iCloud should now function again without access to Home data.
How To Disable The HomeKit Devices In The Control Center In iOS?
- Launch Control Center settings: Launch the Settings app on your iPhone or iPad, then select Control Center from the Settings screen.
- Disable the HomeKit devices in the Control Center: Toggle the Show Home Control option to off.
- Ensure HomeKit devices are disabled in the Control Center: To confirm that the HomeKit devices were disabled, open the Control Center by pulling down from the top right corner on an iPhone with Face ID, or by swiping up from the bottom on an iPhone with Touch ID. If you don’t see the devices, you have disabled the HomeKit devices in the Control Center.