Apple Is Struggling To Stop A 'Skeleton Key' Hack On Home Wi-Fi
Even with all Apple's expertise and investment in cybersecurity, there are some security problems that are so intractable the tech titan will require a whole lot more time and money to come up with a fix. Such an issue has been uncovered by Don A. Bailey, founder of Lab Mouse Security, who described to Forbes a hack that, whilst not catastrophic, exploits iOS devices' trust in Internet of Things devices like connected toasters and TVs. And, as he describes the attack, it can turn Apple's own security chip on iPhones into a kind of "skeleton key."
There's one real caveat to the attack: it first requires the hacker take control of an IoT technology that's exposed on the internet and accessible to outsiders. But, as Bailey noted, that may not be so difficult, given the innumerable vulnerabilities that have been highlighted in IoT devices, from toasters to kettles and sex toys. Once a hacker has access to one of those broken IoT machines, they can start exploiting the trust iOS places in them.
That's because of the technical workings of something known as an MFi chip - an Apple design it licenses to other manufacturers who want to connect their products with iOS devices. Bailey found iOS devices can be tricked into handing over private network keys to hacked devices that contain such chips.