Products such as the iPhone and iPad are popular all over the world, and their built-in iOS operating system has naturally become a target for attackers. Recently, digital security experts discovered a vulnerability in iOS that a malicious person could exploit to instantly render an iPhone or iPad unresponsive.
A digital security expert named Trevor Spiniolas recently published an iOS vulnerability report online. According to the report, he found a very serious bug in iOS in August 2021. It is related to Apple's smart home feature, HomeKit, and Trevor calls it the "DoorLock" vulnerability.
According to Trevor's test results, this vulnerability exists in all iOS 14 versions and even in the latest iOS 15.2. Trevor notified Apple as soon as he discovered the vulnerability, and Apple responded at the time that it would be resolved "by 2022." But on December 10, Apple wrote to Trevor again, stating that the fix would not be available until "early 2022." He therefore decided to make the details of the vulnerability public, so that people would know that it exists and how to protect themselves, rather than being kept in the dark.
The conditions for triggering the DoorLock vulnerability are fairly simple. As long as the name of a HomeKit-related device exceeds a certain number of bytes (Trevor used more than 500,000 bytes in testing), iPhones and iPads connected to the same HomeKit network will freeze because they fail to handle the name.
The most troublesome thing about this vulnerability is that even if the user resets the phone, the error reappears as soon as they log in to the same iCloud account that was affected before, effectively turning the device into a "half-brick". And even if the user has never used an Apple HomeKit device, their iPhone or iPad can still be affected by joining the affected network through an invitation.
As mentioned above, Trevor Spiniolas disclosed the details of the DoorLock vulnerability online because Apple was slow to act and failed to fix the iOS vulnerability in a timely and effective manner. After the news came out, it drew a strong response on the Internet. Apple stepped up its efforts and released the iOS and iPadOS update version 15.2.1 on January 13 for iPhone and iPad users.
The impact of the DoorLock vulnerability is quite large. If you are unlucky enough to be affected, you cannot avoid resetting your phone. To eliminate the risk completely, iPhone and iPad users should update their devices to version 15.2.1 as soon as possible.