Apple plugs IoT HomeKit hole [source: nakedsecurity]
by CIRT Team
Apple just can’t seem to get away from the theme of security flaws right now.
And it only seems fair to mention the small matter of the ‘show your password hint in encrypted APFS volumes’ issue macOS High Sierra users were told about in October.
Even Google’s Project Zero has got in on the act, publishing news of a jailbreaking proof-of-concept for iOS and macOS that seemed designed to draw attention to unexpected weaknesses in once-impregnable Apple software.
Now a researcher has discovered that Apple’s HomeKit Internet of Things (IoT) framework has a vulnerability serious enough to allow an attacker to control IoT devices using its protocol, such as thermostats, lights, power points, air conditioners, as well as smart home locks and garage door openers.
For more, click here.