Apple’s home automation platform ‘HomeKit’ for controlling smart home products with iOS apps and its connected devices were reportedly vulnerable to hackers due to a bug. The Cupertino-based tech giant issued a security patch earlier this month, but it is still working on a permanent solution.
“‘HomeKit’ didn’t check the sender of remote message before processing the request, which ended up allowing potentially anyone to remotely control ‘HomeKit’ accessories in the home,” tech website Medium reported late on Thursday.
“Once ‘HomeKit’ receives the message, it should check that the message is sent by you and then unlock the door as the user has asked. Except that in reality, ‘HomeKit’ doesn’t check who sent the message and it will unlock the door whenever someone asks it to do so, the report added.
In the meantime, ‘HomeKit’ users will not be able to add new people or allow existing users to access connected devices remotely. Bugs in WatchOS 4, 4.1 and 4.2, and in iOS 11.2 made it possible for someone to access users’ HomeKit-enabled devices and control them remotely, according to CNET.
‘HomeKit’ software was unveiled by the tech giant for iOS 8 at the 2014 Worldwide Developers Conference (WWDC). It is Apple’s home automation platform for controlling smart home products with iOS apps and its smart assistant Siri’s voice commands.