Let’s put a remotely accessible computer in a door lock, what could possibly go wrong?
A HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated to 9to5Mac that allows unauthorized control of accessories including smart locks and garage door openers. Our understanding is Apple has rolled out a server-side fix that now prevent unauthorized access from occurring while limiting some functionality, and an update to iOS 11.2 coming next week will restore that full functionality.
The Internet of Things (IoT) introduces all sorts of new and interesting exploits. These exploits range from minor, such as your lights turn colors, to severe, such as having your doors unlock for an unauthorized person. Unfortunately, since software is already incredibly complex and becoming more so every day it’s unlikely we’ll see secure IoT devices anytime in the near future. Fortunately, it appears that Apple caught this vulnerability and was able to patch it before it was actively exploited.