A vulnerability in iOS that uses HomeKit as an attack vector it could render your iPhone completely useless. The researcher who has discovered and published it says that Apple has been informed since August 2021, and that this problem affects, at least, the most recent versions of iOS.
According to security researcher Trevor Spiniolas, if we use a name for a HomeKit device with “very long string”, set at 500,000 characters in their tests, iOS and iPadOS devices that load that device with that name can be rebooted and rendered unusable.
Also, since the name is stored in iCloud and updated on all other iOS devices that are signed into the same account, the error may reappear repeatedly without us being able to do anything about it.
Four months ago I discovered and reported a serious denial of service bug in iOS that still remains in the latest release. It persists through reboots and can trigger after restores under certain conditions. https://t.co/SAFbqyZdxY
– Trevor Spiniolas (@TrevorSpiniolas) January 1, 2022
Spiniolas has called the bug “doorLock”, and claims that affects all versions of iOS from iOS 14.7 onwards, although it is likely that it also exists in all versions of iOS 14. In a video that you have shared it can be seen as, although the iPhone is restored, the problem persists and the device continues to crash.
It also says that Apple planned to release a security update that would fix the bug in late 2021. However, Apple reportedly changed its estimate on December 8 to “Early 2022”, so it is a bug that could be fixed soon.
It is true that It does not appear that there will be many users affected by this error. Setting such long names to a device does not make much sense and is very rare. However, it is a serious flaw that can render devices unusable. Hopefully Apple fixes it soon.