Hot topics

Apple HomeKit security bug can brick iPhones

Battery iPhone
© DenPhotos /

Read in other languages:

If you're using Apple Homekit, you need to pay close attention, because a security vulnerability is causing quite a stir at the moment. Due to a bug in the home automation system, iPhones and iPads can be bricked. The problems around the so-called "DoorLock" doesn't stop there, however, because the error is already known since August 2021 and was now published by the security researcher Trevor Spiniolas.


  • A security flaw in Apple's Homekit is currently causing quite a stir.
  • iPhones and iPads can be rendered unusable by a font flaw.
  • Apple is planning an update for early this year.

With Apple's Homekit, many things can be controlled without any problems. However, a security flaw has now been published that primarily affects devices running iOS 14.7 or later. Spiniolas found that device names with a long string cause a bug that renders the devices unusable. His tests showed that a string of around 500,000 characters will cripple devices that load them from the HomeKit API. At that point, rebooting the devices won't help; instead, the devices will have to be completely reset, resulting in the loss of personal data.

With iOS 15.0, Apple implemented a limit to the string, but devices running iOS 15.2 also seem to be affected. So if a device running an older operating system loads the long string into the HomeKit API, then the newer devices can also load that string and subsequently stop working.

"All iOS versions released from iOS 14.7 have been tested, and the vulnerability exists on all versions. Devices used during testing include an iPhone 7 (iOS 15.2-14.7), an iPad 6 (iOS 15.0 beta and iOS 14.7), and an iPhone XS (iOS 14.7.1 & 14.7). While untested, it is likely that the bug exists on all versions of iOS 14."

Apple plans to fix the bug early this year

When an iOS device name is changed, it is downloaded and updated by all connected devices - this is what triggers the bug in the first place and causes the devices to stop working. If the devices are not connected via Home Data, then only the Home app will stop working. Whether or not you choose to disconnect your Home Data until the bug is fixed, however, is up to you.

There is another danger from this vulnerability besides the functionality issue. Should attackers try to send the data to devices with a ransomware, then devices with iOS 14.7, for example, could be rendered unusable by third parties. This would result in the loss of all personal, unsaved data without any action on your part.

"I then informed them on December 9th that I planned to publicly disclose this information on January 1st, 2022. I believe this bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix."

The security researcher found the bug back in August 2021. Apple hasn't really responded to the bug since then, which is why Spiniolas now decided to go public. He claims that the bug poses a serious risk to users' devices and that's why he disclosed the bug.

What do you think of the security flaw? Is it a serious threat or nothing to really worry about? Let us know in the comments!

Via: Golem Source: Trevor Spiniolas

The best smartphones under $1,000 

  Editor's recommendation The best iPhone The best camera phone Value for money The best foldable The most affordable
  • $799
  • $799
  • $999
  • $599
  • $999
  • $499
Picture Samsung Galaxy S24 Product Image Apple iPhone 15 Product Image Google Pixel 8 Pro Product Image Nothing Phone (2) Product Image Samsung Galaxy Z Flip 5 Product Image Google Pixel 7a Product Image
Review: Samsung Galaxy S24
Review: Apple iPhone 15
Review: Google Pixel 8 Pro
Review: Nothing Phone (2)
Review: Samsung Galaxy Z Flip 5
Review: Google Pixel 7a
Go to comment (0)
Dustin Porth

Dustin Porth
Working student

I started my studies to become a technology journalist in 2019. Besides writing a few articles for our student newspaper and for the university magazine "technikjournal", I also wrote IT articles for a blog and then joined tvfindr. There I learned to love writing reviews. I am a passionate gamer myself and am interested in everything that has even slightly to do with technology.

View all articles
Liked this article? Share now!
Recommended articles
Latest articles
Push notification Next article
No comments
Write new comment:
All changes will be saved. No drafts are saved when editing
Write new comment:
All changes will be saved. No drafts are saved when editing