Apple’s home automation system Homekit has a bug that can give pranksters a way to play their friends really hard pranks, reports 9 to 5 Mac.
Security researcher Trevor Spiniolas found the bug, which can cause an Iphone or Ipad to stop responding to appeals and freeze completely. The bug, like so many others, is about a function that does not control an entry before it is processed.
In this case, it is a matter of renaming devices that are added to the home via the Home app or another Homekit app. Homekit does not control the length of the name, and filling in an extremely long text string will cause not only the Homekit or Home app to freeze but the entire system.
But what’s worse: Because Homekit accessories are added to your iCloud account and shared to all your devices, the bug spreads to all devices where you’re logged in to the same account.
In iOS 15.1, the Apple Home app fixed it so that it is not possible to fill in such long names, but nothing prevents other Homekit-connected apps from doing so.
Someone who wants to make life miserable for others can create a home where an accessory with such an extremely long name is included and then share an invitation to the home. If I thank the recipient, her device becomes unusable. It is not even possible to reinstall iOS and load a backup to get rid of the error because the buggy name is linked to the ICloud account, not just that device.
If you have turned off the Homekit features in Control Center, the effect will be milder. Then the Home app stops working, but the rest of the system can still be used.
Until Apple fixes the bug, we recommend that you do not accept any invitations to the Home app.