A recent vulnerability in Apple’s HomeKit framework that lets developers build apps for connected devices may also have enabled hackers to remotely control those devices. Considering that some smart locks and other Internet-connected devices around the house were also HomeKit-enabled, the risk was high that hackers could turn into actual burglars.
While Apple quickly patched the HomeKit vulnerability by issuing a server-side update, few details are known about how the actual exploit works, apart from that it’s “ difficult to reproduce.” If an attacker compromised any Internet of Things (IoT) device connected to your home network – regardless of whether it’s a smart lock, a smart refrigerator, or even a toaster – he could potentially infect other network-connected devices.
It’s common practice for users to connect all their devices to the same home network, meaning that if your smart lock is compromised, your laptops, Macs, and even your mobile devices can potentially be infected. Hackers rarely stop at compromising one device. Since a user’s most valuable data often resides on his phone or laptop, the consequences of losing that information would be dire.
Once attackers find a gateway to your home network, they can use it to plant malware on your Macs and laptops by either taking control of your router – and redirecting you to malicious websites – or exploiting unpatched vulnerabilities to remotely install threats.
Staying Safe
Staying safe means adhering to a few simple security best practices.
- For one, keeping all your devices – regardless of operating system or vendor – up to date with the latest security fixes and updates is a sure way of keeping known vulnerabilities from being exploited. Just as with Apple’s HomeKit, simply installing the latest iOS version on your device and updating all affected IoT-connected devices should mitigate the issue.
- Changing authentication credentials – and keeping them different for each device – is also recommended. For instance, the recent macOS root password vulnerability is a perfect example of the consequences of either default or insufficiently strong passwords.
Cybercriminals exploiting known or unknown vulnerabilities in any home network-connected device will probably be interested in compromising your Mac. Having a security solution on your Mac that can constantly scan for malware or malicious behavior as well as for fraudulent or phishing websites is now a necessity rather than an option.