DoorLock

On 10th August, a new report was published in which Apple declared that they had released security updates to address a persistent denial of service (DoS) dubbed “DoorLock.”

This DoorLock bug disables the iPhones and iPads running the HomeKit on iOS 14.7; that’s why it was very important to release security updates so that users could keep themselves free from this kind of attack.

HomeKit is an Apple protocol and a framework that allows iOS and iPadOS users to locate and control smart home devices on their network.

While this vulnerability is reported by the security expert, Trevor Spiniolas (@TrevorSpiniolas) that is tracked as CVE-2022-22588. However, Apple has addressed this security flaw in iOS 15.2.1 and iPadOS 15.2.1.

EHA

Bug and Exploitation

There are many users who are not aware of this bug properly; in this bug, when the HomeKit device gets changed to a large string, then at that time any device that has been affected automatically installs the loads, and suddenly the string gets disrupted, even after trying rebooting the device.

If the user does not have any particular Home devices, the bug can still be activated by accepting an invitation to a Home that eventually includes a HomeKit device.

Moreover, if the threat actors aim to exploit this vulnerability, they would generally be much more likely to utilize Home invitations rather than using an application. 

Effects

Here we have mentioned the effects that have been occurred by this bug:-

  • In case the device does not have any Home devices allowed in Control Center: Well, in this case, the Home app will evolve to be unusable, and it will keep hitting upon.
  • In case the device does have Home devices, and that is allowed in Control Center: In this type of case, the iOS will not respond properly, and all the data that has been input into the device will get delayed, and users can’t be able to communicate properly.

Resolution

The security experts have provided solutions for two kinds of cases, and here we have mentioned both the cases and their solutions below.

In case the users can’t be able to install the testing application, and it happens most of the time:

  • Try to refresh the dissembled device from Recovery or DFU Mode.
  • After that, the users need to set up the device as normal but remember not to sign back into the iCloud account.
  • Once the setup is done, simply sign in to iCloud from settings, and now you can disable the switch  that is labeled as “Home.”
  • Now you can see that the device and the iCloud are working well.

In case of the users are able to install the testing application along with the Xcode, and they hope to regain access to Home Data: 

  • Initially patch the affected device from Recovery or DFU Mode.
  • After that, you can set up the device as normal, but remember not to sign back into the iCloud account.
  • Once you are done, you can easily sign in to iCloud from settings.
  • Now you have to press the back button and then tap the Control Center settings again so that you can reload the page.
  • After that, you will notice that you can install the test application and easily run it with a short.

These kinds of bugs are quite hectic and impact the device very much, so the users are strongly recommended that they must stay alert and keep themselves safe.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

BALAJI is a Former Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.