A HomeKit susceptibility in iOS 11.2 that allowed unapproved access to Homekit accessories that take in smart locks has been solved by Apple.
The issue that has an influence on HomeKit users that are running iOS 11.2 has been solved. The solution has temporarily disarmed remote access to shared users, which will bring back in a software update early next week.
To cover the vulnerability, which was hard to reproduce, Apple deactivates remote access for shared users, something reintroduced in a software update that is announced to be released in next week.
Apple smartly discourses the vulnerability server side as it affected the HomeKit Framework instead of individual HomeKit products. Though the damage has an impact on all HomeKit devices, it is of peculiar interest to HomeKit users with smart locks and also, other HomeKit-empowered gadgets that enable access to the home, as somebody ready to exploit this sort of issue could gain entry to a home without a physical key.
Apple initially informed about the HomeKit vulnerabilities & other security issues in October. Some of the issues were solved in iOS 11.2 and watchOS 4.2, while the other was fixed server side. HomeKit setups with no less than one connected iPhone or iPad running iOS 11.2 and signed into a HomeKit client’s iCloud account were affected.
A lot of improvement and it’s adoption has been gradually grown since the launch of HomeKit in 2014. A wide range of manufacturer is holding HomeKit.