“There’s one real caveat to the attack: it first requires the hacker take control of an IoT technology that’s exposed on the internet and accessible to outsiders,” Fox-Brewster writes. “But, as Bailey noted, that may not be so difficult, given the innumerable vulnerabilities that have been highlighted in IoT devices, from toasters to kettles and sex toys. Once a hacker has access to one of those broken IoT machines, they can start exploiting the trust iOS places in them.”
“That’s because of the technical workings of something known as an MFi chip – an Apple design it licenses to other manufacturers who want to connect their products with iOS devices. Bailey found iOS devices can be tricked into handing over private network keys to hacked devices that contain such chips,” Fox-Brewster writes. “If Apple is going to fix the problem, it could take years, Bailey warned. That’s because Apple would have to update not just its own tech, but also the licensed MFi chips of its partners. Bailey thinks it would mean changes to entire manufacturing processes as well as internal systems.”
Read more in the full article here.
MacDailyNews Take: Oops. This screwup perhaps helps to explain Apple’s glacial pace on HomeKit and home automation?
How Apple’s HomeKit broke my digital heart – April 3, 2018
Apple’s HomeKit security screwup spotlights the risk of smart homes – December 8, 2017
Zero-day iOS HomeKit flaw allowed remote access to IoT devices including door locks, garage door openers; fix rolling out – December 8, 2017
Apple delays HomeKit launch until autumn – May 14, 2015