Hackers can exploit an iPhone HomeKit vulnerability dubbed “doorLock” to launch persistent denial of service (DoS) attacks, a researcher says.
Researcher Trevor Spiniolas publicly disclosed the findings in a blog post on the persistent DoS vulnerability “affecting iOS 15.2 – iOS 14.7 (and likely through 14.0), triggered via HomeKit.” He made the disclosure after reporting the issue to Apple on August 10th, 2021; the bug still remains in the latest version of iOS 15.2.
Spiniolas said that Apple informed him on December 8, 2021 that they had revised estimates to “early 2022.” However, the researcher subsequently warned the tech giant that he would disclose the details of the vulnerability on January 1, 2022.
“I believe this bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix. The public should be aware of this vulnerability and how to prevent it from being exploited, rather than being kept in the dark,” Spiniolas wrote.
Spiniolas described the vulnerability as follows: “when the name of a HomeKit device is changed to a large string (500,000 characters in testing), any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting.”
“Restoring a device and signing back into the iCloud account linked to the HomeKit device will again trigger the bug,” he added.
Moreover, the researcher said the doorLock vulnerability is likely to play out in one of two ways, depending on whether 1) the device does not have Home devices enabled in Control Center, or 2) the device does have Home devices enabled in Control Center (which is the default behavior when a user has access to Home devices).
The former scenario could cause the Home app to “become completely unusable, crashing upon launch.” The latter (default) scenario could cause iOS to become unresponsive and “all input to the device is ignored or significantly delayed, and it will be unable to meaningfully communicate over USB.”
Even rebooting and updating the device may not resolve the issue, Spiniolas added.
Finally, Spiniolas provided a video that describes how to trigger the vulnerability. He also warned that attackers could leverage doorLock to launch ransomware attacks against iOS users in the future:
“An attacker could use email addresses resembling Apple services or HomeKit products to trick less tech savvy users (or even those who are curious) into accepting the invitation and then demand payment via email in return for fixing the issue.”