A recently discovered bug in HomeKit can be triggered if you have a smart home gadget with a long name. What’s worse, it could render your iPhone or iPad completely unusable until you restore it.

Security researcher Trevor Spiniolas uncovered the bug in the HomeKit API that allows iPhones, iPads, and Macs to control smart home devices. The bug leaves your iPhone or iPad unresponsive and stuck in a boot loop. It can be triggered if the name of a device on the HomeKit network has around 500,000 characters.

The only recourse for an affected device is to perform a software reset and avoid logging into your iCloud account. If you do login by accident after a reset, the bug could be triggered all over again because the HomeKit devices are synced to your account.

Check out the video below where Spiniolas demonstrates how the vulnerability works:

If you accept random HomeKit network invitations (Home Invitations) just to mess around with a stranger’s smart devices, this bug could cause you to repent and maybe even lose data during the process. To stay protected from this bug, abstain from accepting any HomeKit network invitations you don’t recognize. The security researcher further suggests that you could disable Show Home Controls in Control Center.

Apple has been apprised of the bug, but Spiniolas said, “despite them confirming the security issue and me urging them many times over the past four months to take the matter seriously, little was done.”

Our Take

Until Apple resolves the issue, we suggest you take the precautions mentioned above. Do you think Apple should limit the number of characters for HomeKit device names, even if the bug didn’t exist? We can’t fathom why one would need a 500,000 character-long device name. Share your thoughts in the comments section below.