fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Apple iOS Vulnerable to HomeKit ‘doorLock’ Denial of Service Bug

Apple iOS Vulnerable to HomeKit ‘doorLock’ Denial of Service Bug

A novel persistent denial of service vulnerability named ‘doorLock’ was discovered in Apple HomeKit, affecting iOS 14.7 through 15.2.

Apple HomeKit is a software framework that lets iPhone and iPad users control smart home appliances from their devices.

According to Trevor Spiniolas, the security researcher who publicly disclosed the details, Apple has known about the flaw since August 10, 2021. Yet, despite the repeated promises to fix it, the researcher says Apple has continually pushed the security update further, and it remains unresolved.

Also Read: The PDPA Data Breach August 2020: A Recap of 8 Alarming Cases

I believe this bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix. The public should be aware of this vulnerability and how to prevent it from being exploited, rather than being kept in the dark. – Spinolas.

Forcing a reset

To trigger ‘doorLock,’ an attacker would change the name of a HomeKit device to a string larger than 500,000 characters.

To demonstate the doorLock bug, Spinolas has released a proof-of-concept exploit in the form of an iOS app that has access to Home data and can change HomeKit device names.

Even if the target user doesn’t have any Home devices added on HomeKit, there’s still an attack pathway by forging and accepting an invitation to add one.

Upon attempting to load the large string, a device running a vulnerable iOS version will be thrown into a denial of service (DoS) state, with a forced reset being the only way out of it. However, resetting the device will cause all stored data to be removed and only recoverable if you have a backup.

To make matters worse, once the device reboots and the user signs back into the iCloud account linked to the HomeKit device, the bug will be re-triggered.

“In iOS 15.1 (or possibly 15.0), a limit on the length of the name an app or the user can set was introduced,” explains Spiniolas in his blog post.

“The introduction of a local size limit on the renaming of HomeKit devices was a minor mitigation that ultimately fails to solve the core issue, which is the way that iOS handles the names of HomeKit devices.”

Also Read: How Long Do Employers Keep Employee Records After Termination? 1 Hard Question

“If an attacker were to exploit this vulnerability, they would be much more likely to use Home invitations rather than an application anyways, since invitations would not require the user to actually own a HomeKit device.”

The impact of this attack ranges from having an unusable device that reboots indefinitely to not being able to take a backup of your data from iCloud as signing back to the online backup services re-triggers the flaw.

As the researcher explains, this attack could be used as a ransomware vector, locking iOS devices into an unusable state and demanding a ransom payment to set the HomeKit device back to a safe string length.

How to protect yourself

It is essential to underline that the bug can only be exploited by someone with access to your ‘Home’ or via manually accepting an invitation to one.

With that said, there’s no reliable method of regaining access to local data after ‘doorLock’ has been triggered, so users should focus all efforts on prevention.

For this, beware of suspicious invitation messages from email addresses that resemble Apple services or HomeKit products.

If the damage has already been done, follow these three steps to restore your data from the iCloud:

  1. Restore the affected device from Recovery or DFU Mode
  2. Set up the device as usual, but do NOT sign back into the iCloud account
  3. After setup is finished, sign in to iCloud from settings. Immediately after doing so, disable the switch labeled “Home.” The device and iCloud should now function again without access to Home data.

According to the researcher, Apple’s latest estimate for fixing the bug is for “early 2022,” which will be done through an upcoming security update.

We have reached out to Apple to request a comment on the above, and we will update this story as soon as we hear back from them.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us