Apple iOS Users Should be Aware of the “DoorLock” HomeKit Bug
- By David Lukic
- Published: Jan 04, 2022
- Last Updated: Mar 18, 2022
Apple’s iOS mobile operating system contains a denial-of-service (DoS) vulnerability. The bug can cause targeted devices to either reboot over and over again or crash completely when synced with an appliance that is Apple Home-compatible.
What is Apple HomeKit?
Apple HomeKit is a software framework that lets users of iPadOS and iOS devices configure, control and communicate with smart home appliances and accessories. Control and configuration are carried out from the Apple devices themselves.
How Does the Bug Work?
The bug, referred to as “doorLock”, can be triggered by changing the name of a HomeKit device to a string of more than 500,000 characters. When an Apple iPad or iPhone then attempts to connect to the device in question, it becomes unresponsive. The lack of response sets off a never-ending cycle of failure and restarts that can only be stopped by restoring the compromised device through Device Firmware Update mode or recovery mode.
What Devices are Targeted?
All Apple devices with an affected iOS version have the potential to be rendered useless as a result of the bug. As long as the device’s iOS version loads the string, the device will remain disrupted even after rebooting. Even if the device is restored, signing back into the iCloud account connected to the HomeKit device will trigger the bug again. The bug affects the most recent version, iOS 15.2, and dates back to iOS version 14.7. The vulnerability is present in every version of iOS 14.
What is Apple’s Response to the Bug?
Apple was alerted to the bug in mid-August. Apple representatives have stated that they aim to resolve the bug in the early months of 2022. The company has tried to minimize the issue by applying a local size limit when users rename HomeKit devices. However, the problem still looms, as the company has failed to address the primary issue of how iOS handles the names assigned to HomeKit devices.
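The gap described above, as an added illustration that is not Apple's code or part of the original article: a size limit enforced only on the local rename path does nothing for names that arrive through sync or an invitation, so the check belongs where records are ingested. The 64-character limit, the record layout and all function names are assumptions made for this sketch.

```python
from dataclasses import dataclass

MAX_NAME_CHARS = 64  # assumed limit for this sketch, not a value Apple has published
PLACEHOLDER = "Unnamed accessory"  # hypothetical fallback label


@dataclass
class Accessory:
    ident: str
    name: str


def rename_via_ui(acc: Accessory, new_name: str) -> None:
    """Local rename path: the only place a UI-level size limit is enforced."""
    if len(new_name) > MAX_NAME_CHARS:
        raise ValueError("name exceeds local size limit")
    acc.name = new_name


def ingest_unchecked(records: list[dict]) -> list[Accessory]:
    """Sync/invitation path without validation: remote names are trusted as-is."""
    return [Accessory(r["id"], r["name"]) for r in records]


def ingest_validated(records: list[dict]) -> tuple[list[Accessory], list[str]]:
    """Same path with the check at the trust boundary.

    Oversized or non-string names are replaced by a placeholder and their
    ids reported, so one bad record cannot stall loading of the rest.
    """
    accepted, quarantined = [], []
    for r in records:
        name = r.get("name")
        if not isinstance(name, str) or len(name) > MAX_NAME_CHARS:
            quarantined.append(r["id"])
            name = PLACEHOLDER
        accepted.append(Accessory(r["id"], name))
    return accepted, quarantined


# Constructed sample standing in for records received from a shared home.
SAMPLE = [
    {"id": "lamp-1", "name": "Desk lamp"},
    {"id": "lock-9", "name": "A" * 500_001},  # over the 500,000 figure cited above
]

if __name__ == "__main__":
    print([len(a.name) for a in ingest_unchecked(SAMPLE)])
    ok, bad = ingest_validated(SAMPLE)
    print([a.name for a in ok], bad)
```

The unchecked path hands the full oversized name to whatever renders or stores it next, while the validated path keeps the well-formed record and reports the offending id for cleanup.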
Why is the Bug Such a Problem?
An attacker could potentially exploit DoorLock by sending a malicious invitation to connect to a HomeKit device whose name is an excessively long string of characters. The exploit locks users out of their data, ultimately preventing them from accessing iCloud on their iOS devices.
The bug is amplified because HomeKit device names are also stored in iCloud, so a device signed into the same iCloud account loads them. This system design leads to a subsequent crash unless the user turns off the option of syncing HomeKit data. The bug threatens iOS user data, yet Apple users have agency in the sense that they can disable HomeKit devices within the Control Center to safeguard their data.