'DoorLock' Vulnerability Can Force iOS Devices to Endlessly Reboot
It can be hard to decide what to name smart home devices. Should an internet-connected lamp be called something utilitarian like "Kitchen Lamp" or be given a unique name like "The Bringer of Light to That Place We Make Food" to make it easier to identify? It may not seem like a critical decision, but a new vulnerability shows that HomeKit device names are pretty important.
Security researcher Trevor Spiniolas revealed this "doorLock" vulnerability on Jan. 1.
"When the name of a HomeKit device is changed to a large string (500,000 characters in testing)," Spiniolas says in a report on the flaw, "any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting. Restoring a device and signing back into the iCloud account linked to the HomeKit device will again trigger the bug."