
Rookie Researcher Finds Potential Ransomware Attack Vector for iPhone

Filip TRUȚĂ

January 04, 2022


A rookie security researcher claims to have discovered a potential ransomware attack vector for iPhones and iPads that exploits a weakness in Apple’s HomeKit framework.

He calls the exploit ‘doorLock’ and says any iPhone or iPad running iOS 14.7 through iOS 15.2 is vulnerable, with older iOS 14 releases likely affected as well.

Trevor Spiniolas came out with his findings Jan. 1, four months after he notified Apple of the flaw. He claims he went public with the flaw because the company was slow to respond, even though he warned the firm weeks ago that he would speak up about it.

A dead-simple exploit

The self-described “beginning security researcher” has released a proof-of-concept (PoC) for a denial-of-service attack that essentially freezes the target device and sends it into a reboot loop, locking victims out of their data. Even if the device is rebooted, the bug is triggered automatically as the device tries to re-authenticate with the user’s Apple account.

“When the name of a HomeKit device is changed to a large string (500,000 characters in testing), any device with an affected iOS version installed that loads the string will be disrupted, even after rebooting,” Spiniolas writes on his blog.

“Restoring a device and signing back into the iCloud account linked to the HomeKit device will again trigger the bug,” he explains.

Apple’s HomeKit framework lets users configure and control smart home appliances using iGizmos. Perhaps key to the bug uncovered by Spiniolas, HomeKit is designed to automatically discover such devices and configure them.

There are two ways to exploit the weakness, the simplest of which affects most configurations out there. All an attacker has to do is get the victim to accept a malicious invitation with the long name string, which causes the devices to freeze and go into a reboot cycle that fails to get past the lock screen. Spiniolas demonstrates this real-world attack scenario in a PoC video posted to his blog (embedded below).

“This cycle will repeat indefinitely with an occasional reboot,” the programmer explains. “Rebooting, though, does not resolve the issue, nor does updating the device. Since USB communication will no longer function except from Recovery or DFU mode, at this point the user has effectively lost all local data as their device is unusable and cannot be backed up. Critically, if the user restores their device and signs back into the previously used iCloud linked to the data, the bug will once again be triggered with the exact same effects as before.”
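The failure mode described above is an unbounded name reaching code that loads it, and it recurs because the stored value comes back on every sync. As an added defensive example (not Apple's fix and not the researcher's code), the Python below validates a name each time a synced record is loaded rather than only when the name is set. The record layout, the limits and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed policy limits for this example; not values from Apple or the article.
MAX_NAME_CHARS = 64
MAX_NAME_BYTES = 128
PLACEHOLDER = "Unnamed accessory"

# Constructed sample of synced records (hypothetical layout).
SAMPLE_RECORDS = [
    {"id": "acc-1", "name": "Front Door Lock"},
    {"id": "acc-2", "name": "A" * 500_000},   # oversize name, as in the report
    {"id": "acc-3", "name": "Lamp\x00"},      # embedded control character
    {"id": "acc-4"},                          # name missing entirely
]

@dataclass
class LoadResult:
    name: str          # safe to pass to UI and layout code
    quarantined: bool  # True when the stored name was rejected
    reason: str = ""

def check_name(raw):
    """Return "" when the name is acceptable, otherwise a short reason."""
    if not isinstance(raw, str):
        return "not a string"
    if len(raw) > MAX_NAME_CHARS:  # O(1) length check before any other work
        return f"{len(raw)} chars exceeds {MAX_NAME_CHARS}"
    if len(raw.encode("utf-8", "replace")) > MAX_NAME_BYTES:
        return "encoded size exceeds byte cap"
    if any(ch < " " or ch == "\x7f" for ch in raw):
        return "control character"
    if not raw.strip():
        return "empty"
    return ""

def load_record(record):
    """Validate on every load: a bad value stored remotely comes back after a restore."""
    reason = check_name(record.get("name"))
    if reason:
        # Substitute a placeholder instead of truncating, and flag for repair.
        return LoadResult(PLACEHOLDER, True, reason)
    return LoadResult(record["name"], False)

def load_home(records):
    """Load all records; one rejected name must not block the others."""
    results = [load_record(r) for r in records]
    flagged = [r["id"] for r, res in zip(records, results) if res.quarantined]
    return results, flagged
```

Flagged record ids can then be renamed or removed in the backing store, so the oversize value is not served again on the next sync.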

A potential ransomware vector for iOS

Spiniolas believes his findings are grounds for a viable ransomware vector – a rare notion in the context of iOS hardware.

“Because of these effects, I believe this issue makes ransomware viable for iOS, which is incredibly significant,” Spiniolas stresses.

The researcher theorizes that an attacker could even try to spoof Apple services or HomeKit products to dupe less tech-savvy users and demand payment to fix the issue.

Mitigations (caution!)

With the cat out of the bag, someone out there could well try to exploit the flaw for criminal profit – or even just for fun.

There is currently no reliable method to regain access to local data if the attack has already unfolded, meaning it’s probably best not to try this experiment yourself. In any case, Spiniolas says users can at least regain access to the iCloud account linked to their data by following these steps:

· Restore the affected device from Recovery or DFU Mode

· Set up the device as normal

· Do NOT sign back into the iCloud account

· After setup is finished, go to Settings and sign into your Apple ID

· Immediately tap iCloud and disable ‘Home’ to prevent syncing up with the iCloud-stored Home data

The simplest way to protect yourself from the worst of doorLock’s effects is to disable Home devices in Control Center, according to the researcher.

As always, it’s recommended that users keep regular backups of their data (preferably offline as well) to stay on the safe side no matter what security threats may be haunting the landscape.
