A bug in HomeKit, Apple’s home automation platform, can cause an iPhone or iPad to crash indefinitely. To regain use of the device, the user must restore it and take additional precautions.
Security researcher Trevor Spiniolas has found a very serious vulnerability that affects HomeKit in iOS 14.7 through iOS 15.2. HomeKit is Apple’s home automation platform, which connects compatible products (thermostats, bulbs, blinds, etc.) to the iPhone and iPad through the Home application. When the name of one of these devices is very long (500,000 characters in his tests), the smartphone or tablet crashes.
And since the name of the faulty home automation device is saved in the user’s iCloud account, all the iOS devices connected to the same account will crash! The bug can even become an attack vector: it is possible to share with another user access to a home that contains the rogue device.
Spiniolas explains that it is possible to guard against the bulk of the negative effects of the bug by disabling the Home suggestions that appear in the iOS Control Center. This prevents the system sluggishness that ends up crashing the iPhone and forcing it to restart, and so on.
To get rid of the bug, you can also restore the smartphone or tablet, taking care not to enter the Apple account during configuration. Once the process is complete, go to the settings and activate the Apple account while deactivating Home access.
But the best thing would be for Apple to fix the bug. Unfortunately, the manufacturer has known about it since last summer and has not kept its promise of a fix before the end of 2021. This is why Trevor Spiniolas made his discovery public, in order to force Apple’s hand. A radical solution, but the researcher believes that the manufacturer is taking too long.