Security News > 2022 > January > Apple Home software bug could lock you out of your iPhone
The bug affects the Home app, Apple's home automation software that lets you control home devices - webcams, doorbells, thermostats, light bulbs, and so on - that support Apple's HomeKit ecosystem.
Wiping your data is quick and reliable because Apple mobile devices always encrypt your data, even if you don't set a lock code of your own, using a randomly chosen passphrase kept in secure storage.
According to the description given by Spiniolas, the bug is triggered if Apple's Home app encounters a HomeKit device under its purview with an enormously long name, for example 90,000 characters or more.
If you deliberately rename one of the home devices in your HomeKit network so it has a name of about 100,000 characters or more, the Home app will apparently lock up when it subsequently tries to deal with the weirdly-named device, and ultimately crash.
According to Spiniolas, Apple recently patched the Home app to prevent you renaming devices to have absurdly long names.
If you save the data onto an encrypted removable drive, you can store it both offline and offsite, and in an emergency you'll have access to your iPhone data without needing a working Apple login or an Apple device.
News URL
Related news
- Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More (source)
- Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) (source)
- SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon (source)
- Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers (source)