at the beginning of this month, have found serious vulnerabilities that exist in the homekit developers, can allow anyone to not be authorized to control equipment in the network.unfortunately after more than half a month, apple is still not perfect to solve this problem.
it is reported that as early as october 28, a man named khaos tian, developers have found the problem, and on october 29th will report the security team for apple products.although apple promised in return they will investigate in the 11 months, but then the developers again sent many emails, but no reply.
however, when the ios 11.2 the arrival of the new version khaos tian, disappointed to find although apple does repair report mentioned in the problem, but instead let attacks easier.
developers say homekit now contains the vulnerability of the existence of two problems:although in theory, no one can find homekit equipment unique identification number, but there are two separate bug lets an attacker could find, and not require any authorization.second, if there is an unauthorized someone send homekit equipment instructions, homekit not to make any certification, it but simply through instruction.
if you start homekit devices in the home, so it is a very serious problem is likely to become, because using smart lock family has been more and more.once smart locks can be evaded, it is very dangerous.but khaos tian complain that actually the biggest danger lies in the fact that the apple the response is too slow.
we might see things in the next version of the perfect solution-who knows?may ultimately this bug will not cause serious influence, but apple is more keen.