{"id":10770,"date":"2017-12-08T08:30:03","date_gmt":"2017-12-08T16:30:03","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/12\/08\/news-4542\/"},"modified":"2017-12-08T08:30:03","modified_gmt":"2017-12-08T16:30:03","slug":"news-4542","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/12\/08\/news-4542\/","title":{"rendered":"Apple\u2019s HomeKit security blunder exposes the risk of smart homes"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.techhive.com\/images\/article\/2016\/06\/homekitcontrolcenter-100665987-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Fri, 08 Dec 2017 06:42:00 -0800<\/strong><\/p>\n<p>The expression \u201csafe as houses\u201d will become a thing of the past if tech firms <a href=\"https:\/\/www.computerworld.com\/article\/2476652\/cybercrime-hacking\/can-apple-keep-us-safe-in-the-internet-of-things.html\">don\u2019t get connected home security right<\/a>, and the need to be incredibly watchful was visible in Apple\u2019s latest <a href=\"https:\/\/blogs.computerworld.com\/article\/3239027\/apple-apologizes-issues-mac-login-security-patch.html\" rel=\"nofollow\">security blunder<\/a> this week.<\/p>\n<p>The latest iOS 11.2 update held a zero-day vulnerability attackers could exploit to control smart home devices, including connected locks, <em><a href=\"https:\/\/9to5mac.com\/2017\/12\/07\/homekit-vulnerability\/\" rel=\"nofollow\">9to5Mac<\/a><\/em> explains. While the vulnerability was difficult to exploit, and Apple has acted very swiftly to close this security gap, its existence exposes the risk of smart homes.<\/p>\n<p>Apple\u2019s swift response is two-fold:<\/p>\n<p>To address a problem like this fast is exactly what must be demanded from any smart home solution manufacturer \u2013 nothing less is acceptable. 
<a href=\"http:\/\/www.applemust.com\/yale-introduces-homekit-support-for-ios-savvy-smartlocks\/\" rel=\"nofollow\">Smart locks must really be lock<\/a>s, and not subject to being undone by opportunistic hackers with time on their hands.<\/p>\n<p>There is a real risk: the industry remains fragmented, not every smart device is truly smart, and some of those early to market solutions have been shown to use poor internal password protection, including the capacity to use these as entry points into home networks.<\/p>\n<p>While others rushed to market with smart home systems, Apple realised the need to ensure security protection in its smart home technologies early on. Its response was to develop HomeKit as a platform for smart home devices on iOS, but to ensure those solutions compatible with HomeKit meet certain criteria, <a href=\"https:\/\/www.computerworld.com\/article\/2947719\/apple-ios\/smarthome-vendors-feel-homekit-pain.html\">including use of approved technologies<\/a>.<\/p>\n<p>The strength of that approach is \u2013 oddly enough \u2013 proven by Apple\u2019s response to this latest vulnerability. You see, Apple was able to address a platform-wide problem by making a temporary fix to its own HomeKit servers.<\/p>\n<p>That\u2019s important in two ways \u2013 it means the company can respond swiftly to smart home security problems as they transpire. 
It also matters because those wanting to break these protections will need to figure out how to exploit those very same HomeKit servers, which I think will be much harder to achieve than undermining an individual iOS user\u2019s security.<\/p>\n<p width=\"100%\" height=\"420\"><iframe loading=\"lazy\"  src=\"https:\/\/www.youtube.com\/embed\/4nbhfrQfRRE\" width=\"100%\" height=\"420\" frameborder=\"0\" ><\/iframe> <\/p>\n<p>The challenge for those investing in smart home kit remains. Garage doors, door locks, connected security systems \u2013 all that connected convenience also implies additional risk.<\/p>\n<p>The biggest risk is that anyone who can gain control of your iOS device can also then seize control of your connected home.<\/p>\n<p>It is not enough to rely on Apple to <a href=\"https:\/\/www.computerworld.com\/article\/3206564\/apple-ios\/apple-s-ios-11-unlocks-a-future-for-iot.html\">secure your smart home<\/a> \u2013 you also need to ensure you are thinking security as you deploy smart home devices. 
You must avoid systems that offer poor future software update paths, use poor security protocols and so forth.<\/p>\n<p>You should also take every possible step to ensure those devices you do deploy are tested and approved for HomeKit, as despite this recent flaw I think it remains the most secure smart home platform.<\/p>\n<p>It also means <a href=\"https:\/\/blogs.computerworld.com\/article\/3237768\/strong-and-stable-the-ios-security-guide.html\" rel=\"nofollow\">taking every possible step to secure your iOS device<\/a>.<\/p>\n<p>When \u201c1,2,3,4\u201d and the word \u201cpassword\u201d remain two of the world\u2019s most frequently used passwords there\u2019s a potential problem.<\/p>\n<p>After all, if you use one of those passwords to protect your iPhone, and someone gets hold of that phone and takes control of it, then you might as well also hand them your front door keys, wallet and every piece of personal information you own. And everyone you know.<\/p>\n<p>What I\u2019m arguing is that while we must demand high levels of security from vendors in this space, the biggest security problem remains the same one it has always been &#8212; the end user.<\/p>\n<p>That\u2019s a scenario that\u2019s only going to become more important in the months and years to come, as even <a href=\"https:\/\/skift.com\/2017\/12\/07\/hilton-unveils-plans-for-its-smart-hotel-room-rollout-in-2018\/\" rel=\"nofollow\">hotel chains<\/a> develop smart connected room technologies.<\/p>\n<p>If you\u2019re smart, you\u2019ll secure yourself before you deploy a smart home.<\/p>\n
<p><a href=\"https:\/\/www.computerworld.com\/article\/3241118\/apple-ios\/apple-s-homekit-security-blunder-exposes-the-risk-of-smart-homes.html#tk.rss_security\" target=\"bwo\" >http:\/\/www.computerworld.com\/category\/security\/index.rss<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.techhive.com\/images\/article\/2016\/06\/homekitcontrolcenter-100665987-primary.idge.jpg\"\/><\/p>\n<p><strong>Credit to Author: Jonny Evans| Date: Fri, 08 Dec 2017 06:42:00 -0800<\/strong><\/p>\n<article>\n<section class=\"page\">\n<p>The expression \u201csafe as houses\u201d will become a thing of the past if tech firms <a href=\"https:\/\/www.computerworld.com\/article\/2476652\/cybercrime-hacking\/can-apple-keep-us-safe-in-the-internet-of-things.html\">don\u2019t get connected home security right<\/a>, and the need to be incredibly watchful was visible in Apple\u2019s latest <a href=\"https:\/\/blogs.computerworld.com\/article\/3239027\/apple-apologizes-issues-mac-login-security-patch.html\" rel=\"nofollow\">security blunder<\/a> this week.<\/p>\n<h2><strong>Not so ideal home<\/strong><\/h2>\n<p>The latest iOS 11.2 update held a zero-day vulnerability attackers could exploit to control smart home devices, including connected locks, <em><a href=\"https:\/\/9to5mac.com\/2017\/12\/07\/homekit-vulnerability\/\" rel=\"nofollow\">9to5Mac<\/a><\/em> explains. 
While the vulnerability was difficult to exploit, and Apple has acted very swiftly to close this security gap, its existence exposes the risk of smart homes.<\/p>\n<p class=\"jumpTag\"><a href=\"\/article\/3241118\/apple-ios\/apple-s-homekit-security-blunder-exposes-the-risk-of-smart-homes.html#jump\">To read this article in full, please click here<\/a><\/p>\n<\/section>\n<\/article>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[11062,10643],"tags":[10480,10554,714],"class_list":["post-10770","post","type-post","status-publish","format-standard","hentry","category-computerworld","category-independent","tag-ios","tag-mobile","tag-security"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10770","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=10770"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/10770\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=10770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=10770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=10770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}