Zero-day iOS HomeKit vulnerability allowed remote access to smart accessories including locks, fix rolling out
A HomeKit vulnerability in the current version of iOS 11.2 has been demonstrated to 9to5Mac that allows unauthorized control of accessories including smart locks and garage door openers. Our understanding is Apple has rolled out a server-side fix that now prevent unauthorized access from occurring while limiting some functionality, and an update to iOS 11.2 coming next week will restore that full functionality.
This is why I’ll never give Alexa or other devices access to deadbolts or doors. It’s one thing for an attacker to turn off the lights in my house. It’s completely different if they can open the doors and come inside my house.