A bug in iOS 15.1 is capable of rendering an iPhone completely unusable, a new study by security researcher Trevor Spiniolas has revealed.
According to the researcher, the vulnerability exists in all iOS versions, starting with iOS 14.7. According to the report, iPhone users on iOS 15 are also affected by this denial-of-service vulnerability.
Apple is said to be aware of the issue and had reportedly promised users a fix before 2022.
“When the name of a HomeKit device is changed to a large string (500,000 characters in testing),” Spiniolas says in a report on the flaw, “any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting. Restoring a device and signing back into the iCloud account linked to the HomeKit device will again trigger the bug.”
In essence: A lamp with a name that’s over half a million characters long can render an iPhone or iPad all but useless by forcing it to constantly reboot itself. Spiniolas says that factory-resetting the device can stop the reboots from occurring, but signing in to the device’s associated iCloud account will trigger it all over again.
The good news is that these endless reboots only affect iOS devices configured to offer quick access to HomeKit products via Control Center. The bad news is that this is the default behavior; iOS users will have to change their settings to defend against this vulnerability. They’ll still have to deal with the Home app crashing all the time, but at least their iPhone and iPad will work.
It might seem like there’s an obvious way to mitigate this flaw: Don’t give a HomeKit device a 500,000-character-long name (who would!). But Spiniolas says that attackers could “send invitations to a Home containing the malicious data to users on any of the described iOS versions” to use the exploit as a persistent denial-of-service attack.
Apps with access to Home data can also change the names of devices, Spiniolas says, so the issue isn’t entirely within the user’s control.
Spiniolas says doorLock was disclosed to Apple on Aug. 10, 2021. The company reportedly said it would issue a fix sometime before the new year, but on Dec. 8, that estimate was apparently revised to “early 2022.”
Spiniolas decided to publicly disclose the vulnerability on Jan. 1 because “it poses a serious risk to users and many months have passed without a comprehensive fix.”
Spiniolas says of the company’s handling of doorLock:
In regards to Apple’s awareness of the issue, I found their response to be insufficient. Despite them confirming the security issue and me urging them many times over the past four months to take the matter seriously, little was done.
Status updates on the matter were rare and featured exceptionally few details, even though I asked for them frequently.
Apple’s lack of transparency is not only frustrating to security researchers who often work for free, it poses a risk to the millions of people who use Apple products in their day-to-day lives by reducing Apple’s accountability on security matters.
Apple didn’t immediately respond to a request for comment.
We track anonymized user information to improve our website.
Because we respect your right to privacy, you can choose not to allow some types of cookies and processing. Click on the different category headings to find out more and change our default settings. Not allowing some types of cookies may impact your experience of our Services and what we are able to offer.
In order to use this website we use the following technically required cookies
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. Loss of the information stored in a preference cookie may make the website experience less functional but should not prevent it from working.
This cookie enable us to detect the country of which you are visiting from.
These cookies may be set through our Services by our partners. Some have functional purposes such as capping the number of times you see an ad within a short span of time, but most, through uniquely identifying your browser and the device you use to access our Services and the processing of other information, will build a profile of your interests and show you ads more relevant to them, inferred from your browsing activity. If you do not allow these cookies, you will still receive ads but they will be less targeted and less likely to be relevant to your interests.