An attacker could potentially tamper with a user's smart lights or thermostats or, even worse, open their garage or even their front door if it had a HomeKit-enabled smart lock.
Apple Inc. has patched a serious vulnerability in its HomeKit smart home software framework that could allow malicious actors to hijack and control any device connected using the platform. The fix does, however, disable remote access for shared users, but this will be restored in a software update next week.
"The issue affecting HomeKit users running iOS 11.2 has been fixed," said an Apple spokesperson in a statement.
The flaw in iOS software exposed key connected home hardware to unauthorized access. Another update to iOS next week should eliminate the vulnerability and restore full functionality.
Users don't need to run around unplugging all HomeKit-connected devices: 9to5Mac says that Apple has already deployed a server-side update that fixes the bug, which was in the HomeKit service, rather than the code on individual client devices. The latest black mark against the company comes in the form of a zero-day vulnerability that was discovered in Apple's HomeKit implementation in iOS 11.2.
Experts said that while issues with smart-home systems such as this impact consumer confidence in smart locks and other security devices, traditional locks can also be easily undermined with traditional picking techniques.
According to 9to5Mac, Apple fixed the problem through a software update implemented soon after the report was published. HomeKit users should remember to install the latest update as soon as it arrives.