Researchers Detail New HomeKit ‘doorLock’ Bug Affecting Apple iOS

A persistent denial-of-service (DoS) vulnerability has been discovered in Apple’s iOS mobile operating system that’s capable of sending affected devices into a crash or reboot loop upon connecting to an Apple Home-compatible appliance.

The behavior, dubbed “doorLock,” is trivial to trigger: simply changing the name of a HomeKit device to a string larger than 500,000 characters is enough.

This causes an iPhone or iPad that attempts to connect to the device to become unresponsive and enter an indefinite cycle of system failure and restart that can only be mitigated by restoring the affected device from Recovery or DFU (Device Firmware Update) Mode.

HomeKit is Apple’s software framework that allows iOS and iPadOS users to configure, communicate with, and control connected accessories and smart-home appliances using Apple devices.

“Any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting,” security researcher Trevor Spiniolas said. “Restoring a device and signing back into the iCloud account linked to the HomeKit device will again trigger the bug.”

The flaw impacts the latest version of iOS, 15.2, and goes back at least as far as version 14.7, with the weakness likely present on all versions of iOS 14 from 14.0. Apple, for its part, was made aware of the bug on August 10, 2021, with the company aiming to resolve the flaw in early 2022.

While the iPhone maker has attempted to mitigate the issue by introducing a local size limit on the renaming of HomeKit devices, Spiniolas noted that the core issue of how iOS handles HomeKit device names remains unresolved.

In a real-world attack scenario, an attacker could exploit doorLock by sending a malicious invite to connect to a HomeKit device with an abnormally large string as its name, effectively locking users out of their local data and preventing them from logging back into iCloud on iOS.
