Apple iOS 11.2 Update Rooted in Smart Home Flaw
Integrators should use latest Apple HomeKit vulnerability to talk about cybersecurity, service agreements to clients.
Yet again, integrators have another powerful reason to talk about cybersecurity with their clients. The Apple iOS 11.2 update released on Dec. 14 was principally instigated by a vulnerability that allows unauthorized control of smart doorlocks, thermostats, plugs, lighting control and garage door openers via Apple HomeKit. The new iOS 11.2 update fixes the potential hack, but for integrators this problem is yet another opportunity to talk about providing cybersecurity protection via service contracts with your customers.
Since the "Zero-Day" iOS problem was identified back in October, Apple had rolled out a temporary fix that prevented access, but also limited some of the functionality for end users trying to control their smart home features via Apple devices.
According to the website 9to5Mac, “The vulnerability allowed unauthorized control of HomeKit-connected accessories including IoT lights, thermostats, and plugs. The most serious ramification of this vulnerability prior to the fix is unauthorized remote control of smart locks and connected garage door openers.”
The website goes on to stress that the issue was not rooted in the smart home devices themselves, but in the HomeKit framework.
In order for end users to be affected by the insecurity, the smart home system had to be using at least one iPhone or iPad on iOS 11.2 and be connected to the HomeKit user’s iCloud account. Apparently earlier versions of iOS were not affected.
According to Apple, speaking to the 9to5Mac website, “the issues affecting HomeKit users running iOS 11.2 has been fixed.”
What does this mean for integrators? First and foremost, you should remind your customers to update their Apple iOS ASAP on their smart devices to close the potential hack, which could be used by thieves to simply unlock a door. If you have a service agreement with them to handle their mobile devices and their other interfaces, you should update the software right away.
Second, the flaw is another reason to reassure your clients that you are watching their system from a cybersecurity standpoint, starting at the network level
Regarding Apple itself, when the first announced HomeKit back in 2014, CE Pro dubbed it as “underwhelming” and not much has changed to alter that viewpoint.
Apple first launched HomeKit with connectivity to companies such as Philips, Chamberlain, Kwikset, Withings, Netatmo, Cree, iHome, Haier, Sylvania, Honeywell and others. Since then, Leviton, Lutron and many others have instituted connectivity.
Meanwhile, the timing of the HomeKit vulnerability is pretty bad for Apple, which already is falling way behind in the voice control category. The company announced the new HomePod has been delayed, missing the holiday buying season, until 2018.
One of the biggest benefits of using HomeKit is that it combines the power of Siri voice control with the smart home. But since the launch, Amazon Alexa and Google Assistant have taken the market by storm, leaving Siri more relegated to its initial uses, such as sending text messages, doing web searches and asking for directions.
The website 9to9Mac asks the provocative question as to whether or not integrators and consumers should “trust HomeKit or smart home products going forward?” The website notes that software bugs happen frequently.
Secure Your Free Pass to CEDIA EXPO 2019
Register before Sept. 2 to gain free access to the opening keynote, product training & education series as well as the show floor including Innovation Alley and much more. Don’t miss your chance. Sign up today.
Jason Knott is Chief Content Officer for Emerald Expositions Connected Brands. Jason has covered low-voltage electronics as an editor since 1990, serving as editor and publisher of Security Sales & Integration. He joined CE Pro in 2000 and serves as Editor-in-Chief of that brand. He served as chairman of the Security Industry Association’s Education Committee from 2000-2004 and sat on the board of that association from 1998-2002. He is also a former board member of the Alarm Industry Research and Educational Foundation. He has been a member of the CEDIA Business Working Group since 2010. Jason graduated from the University of Southern California. Have a suggestion or a topic you want to read more about? Email Jason at email@example.com
Follow Jason on social media:
Control & AutomationCEDIA Find: Cellgate’s Cell-Based Access Control with Streaming Video; Control4 Integration
Product Briefs: Metra at Nationwide; Kenny Wayne Shepard, Dolby Atmos; EPV Partners with D&H
Escape CEDIA Expo! First-Ever Delos Wellness Pavilion Offers Biophilic Refuge
How ADG Successfully Added Lighting Design and Electrical to its A/V
How Vantage Does Human-Centric Lighting: Sun as a ‘Phantom Load’
View more on Control & Automation