Date: 2022-01-07

A bug in Apple’s iOS and iPadOS can send a device into a loop of freezing, crashing, and resetting. The flaw, called “doorLock”, allows cybercriminals to set a trap using the HomeKit app.

“Four months ago I discovered and reported a serious denial of service bug in iOS that still remains in the latest version. It persists across reboots and can be triggered after restores under certain conditions,” security researcher Trevor Spiniolas wrote on Twitter.

The bug is triggered when a HomeKit device is given an extremely long name (about 500k characters).

When the iPhone connects to that device, it stops responding and enters the reset cycle, which stops only when the device is wiped.

According to the American website “The Verge”, the problem doesn’t stop there. Because HomeKit device names are copied to iCloud, signing in to the same iCloud account reactivates the reboot cycle. That is, the device will only work normally again if the owner turns off the iCloud option for syncing home devices.

Spiniolas shared with the site some emails indicating that an Apple representative acknowledged the problem and asked the researcher not to publish any information about the bug until the beginning of this year.

“Apple’s lack of transparency is not only frustrating for security researchers who often work for free, it also poses a risk to millions of people who use Apple products on a daily basis, by reducing Apple’s liability to security issues,” Spiniolas told the publication.

Apple has yet to comment on the matter.

How to protect yourself?

First you need to understand how the bug works. In practice, the would-be attacker uses a fake home network for the attack, tricking the victim into accepting an invitation sent by email, a familiar phishing tactic.

In other words, one of the first precautions is to decline invitations to join an unknown home network.

Also, users with smart home devices should go to Settings > Control Center and disable the “Show Home Controls” option.

Importantly, this action will not prevent home devices from being used, but it will limit what information can be accessed.