17777 Center Ct Dr N Suite 600 Cerritos, CA 90703
A New iPhone Bug In HomeKit Could Brick Your Phone
Thank Trevor Spiniolas' sharp eyes if you own an iPhone. The independent security researcher recently discovered a critical security flaw in iOS that impacts all version from 14.7 to 15.2.
If exploited, this flaw can turn your fancy phone into a very expensive paperweight, so it's one to take seriously.
Trevor discovered that by changing the name of a HomeKit device to a large string of characters, it would cause the iPhone to crash. In his case Trevor used a string half a million characters long for testing.
Unfortunately, there's no easy way out if this should happen to a user because of course the new device name is backed up to the iCloud. So if the user tried to restore the iPhone it would pull the relevant information from the Cloud, hit the renamed device, and trigger the error again.
Spiniolas has publicly disclosed his findings, so Apple is aware of the issue. Initially the company promised a fix before the end of 2021 but they've since come back with a revised timeframe of "early 2022." For now, if you run afoul of this issue you don't have many good options.
Spinolas recommends the following steps for impacted users:
- Restore the affected device from Recovery or DFU Mode
- Set up the device as normal but do NOT sign back into the iCloud account
- After setup is finished, sign into iCloud from settings. Immediately after doing so disable the switch labeled "Home." The device and iCloud should now function again without access to "Home" data.
It's a bit of a process with more hoop jumping than many people will care for. However, the steps outlined above will get the job done and give you your phone back. Here's hoping Apple doesn't hesitate in terms of the fix.
