An Apple HomeKit bug can send iOS devices into a death spiral

Illustration by Alex Castro / The Verge

You should always be wary of invites to a stranger’s Home.

That’s the upshot of a new piece of security research that has found a vulnerability capable of locking iOS devices into a spiral of freezing, crashing, and rebooting if a user connects to a sabotaged Apple Home device.

The vulnerability, discovered by security researcher Trevor Spiniolas, can be exploited through Apple’s HomeKit API, the software interface that allows an iOS app to control compatible smart home devices. If an attacker creates a HomeKit device with an extremely long name — around 500,000 characters — then an iOS device that connects to it will become unresponsive once it reads the device name and enter a cycle of freezing and rebooting that can only be ended by...