HomeKit flaw in iOS 11.2 allowed remote access to smart devices, temporary fix already in place


Apple’s software woes continued this week with the publication of a HomeKit flaw that allowed remote access to smart home devices like locks and lights. The company has since issued a temporary patch by disabling remote access to shared users, and plans to permanently plug the hole in a software update next week.

Demonstrated to 9to5Mac by an unnamed source, the HomeKit vulnerability granted unauthorized access to internet-connected devices controlled by Apple’s smart home platform.

The process, which was not detailed in today’s report, is said to be difficult to reproduce. However, unlike recent Apple software bugs, a HomeKit flaw presents a tangible real-world security threat to users who have smart door locks and garage door openers installed in their home.

Fortunately, Apple has implemented a temporary fix by disabling remote HomeKit access to certain users.

“The issue affecting HomeKit users running iOS 11.2 has been fixed. The fix temporarily disables remote access to shared users, which will be restored in a software update early next week,” Apple said in a statement.

The report claims Apple was made aware of the vulnerability in late October, and says some issues were fixed as part of the recently released iOS 11.2 and watchOS 4.2 updates. Apple patched other holes related to the HomeKit flaw server-side, the report said.

Today’s revelations come on the heels of an embarrassing week for Apple software. Last Tuesday, media outlets glommed on to a glaring macOS High Sierra flaw that provided root system administrator access without first requiring a password. Apple pushed out a quick fix, but that patch broke file sharing for some users.

Later in the week, users discovered a date bug in iOS 11.1.2 that threw some devices into a continuous soft reset loop. The issue forced Apple to release iOS 11.2 early in an overnight update on Saturday.

Smart home tech your clients need right now

Full disclosure. I am a complete, total tech geek. My first big tech purchase was the hot “personal digital assistant” Palm VII way back when I was 19 years old.

Some of you reading this probably have no idea what that is, but imagine if a GameBoy had apps, really, really slow internet connection and managed your calendar. That’s pretty much what the Palm VII was.

Fast forward to the grown up tech junkie that I am. I have not one – but two – personal voice assistants in my house. I use Amazon Alexa for connecting to my smart home devices and playing music, and use Google Home upstairs to tell me the weather in the morning and settle arguments with my wife about what actor was in which movie.

Among the real estate crowd, I know I’m not alone. I meet more real estate techies than ever who are aficionados in smart home technology, virtual reality and big data.

Your clients are catching on, too. The number of smart home devices installed in the United States is expected to increase from 42 million in 2017 to 244 million in 2022, according to a recent Forrester Research report. That’s a 480 percent increase over five years!

Perhaps the greatest advancement of home technology in 2017 is that our homes are transitioning from “smart” to “thoughtful.” Products are communicating with each other to a degree that transcends the novelty gadget label.

Take the smart home company Nest for example. The firm, which made its name off its smart thermostat, now integrates with 119 products.

The increasing number of smart home products that connect to one another have motivated even more people to hop on the smart home bandwagon. You no longer need to be techie to love smart home gadgets. So, based on my geeked-out interest in smart home tech, I’ve come up with three gadgets that work great as closing gifts or client recommendations, no matter how techie your clients are. (Bonus: in the spirit of collaboration, these all integrate with Nest.)

Belkin WeMo Mini Wi-Fi Smart Plug

This plug makes any small appliance “smart,” meaning that it connects outlets, and the appliances they connect to, to the web, which allows you to control devices from the cloud. At only $35, it’s an affordable upgrade and a great gift. One of its best features is that you can control the plug from your phone, without blocking adjacent outlets. WeMo also works with Alexa and Google through voice commands, but we’re still waiting for Siri to catch-up.

Automatic Labs’ Connected Car Adapter

Who says smart home tech has to stay in the home? For just $99.95, you can get an auto adapter that provides auto safety while linking to your home’s smart home products. This adapter not only diagnoses engine issues and helps you remember where you parked, it can also link to your Nest thermostat while you are on your way home and prompt it to turn on your heating or cooling system to cozy up your home for arrival.

Yonomi mobile app

Finally, who doesn’t love a good app? This one rocks, and it’s free. Yonomi allows you to control hundreds of smart home devices from one place. It’s like having a personal assistant who takes care of everything before you wake up or walk in the door.

For example, you can create “routines” such as “work day wake up.” On work days, maybe you want motivational music, for the heat to turn on and coffee to be made — the app can help make that happen! There’s an iOS and Android version and it also has skills for Google Home and Amazon Alexa.

I know we’ve only scratched the surface, and with the 2018 Consumer Electronics Show coming up Jan. 9 – 12, we’re about to learn about a whole lot more. Find out more about these brands and catch us at CES where we’ll scour the show floor and dig up the best new tech for work and play, and report back to you.

Everything you need to know about the smart earbuds

The Bragi Dash was, in our eyes, the original hearable. It started out as a crowdfunding darling before actually coming out and winning back-to-back Hearable of the Year prizes at the Wareable Tech Awards, succeeded by the Bragi Dash Pro.

That’s a lot of praise, so if you’re considering whether to pick up the Dash Pro, pick up the original Dash on a deal, or just want to know exactly what they can do, here’s our breakdown of what the buds are capable of, plus a few tips that will make them even easier to use.

Read this: The best fitness tracker to buy

Any questions? Let us know in the comments section below.

What is Bragi Dash and Dash Pro?

bragi dash guide

Technically, we should be calling them Bragi The Dash, but we imagine most people are more used to them being referred to as Bragi Dash. They’re Bragi’s first-generation hearables. The second generation, which is a re-engineered version of the original, is called Bragi Dash Pro.

Like Apple’s AirPods or Samsung’s Gear IconX, they are set of truly wireless earbuds so there’s absolutely no cables flailing around or in between.

Compatible with iPhones and Android phones, you can stream music from them, answer calls and track three sports; running, cycling and swimming. They also work as an MP3 player so you can load up music and leave your smartphone behind at home.

The Dash Pro is available in two different versions. There’s the regular Dash Pro, which comes in at $329, which comes with all the smart features an inEar assistant. Then there’s the Dash Pro Tailored by Starkey for $599. The big difference, and the reason for that massive price hike, is that you can go ahead and get an injection mold of your ears so that your Dash Pro perfectly fits.

If you just want something a little more basic, Bragi also has The Headphone, which is a pair of wireless buds that cost significantly less than the Dash. It costs $149. However, it does lack the activity tracking and live translation skills of its bigger brother.

Setting up Bragi Dash Pro

Bragi Dash guide: Everything you need to know about the smart earbuds

If you’re just going to use the Dash Pro to listen to music from Spotify, Apple Music or another music streaming service then pairing is really easy. It’s essentially the same as connecting a pair of Bluetooth headphones.

Once they’re all charged up, there’s proximity sensors that are able to detect when they’ve been taken out of the charging case and turn themselves on when you pop them inside your ear. Go into your Bluetooth settings on your smartphone and search out for the Dash name, hit connect and you should be good to go.

Get your next hearables fix

To tinker with all of the settings and activate sports tracking modes, you’ll need to download the Bragi app where you’ll be able to calibrate the earbuds. It’s worth noting that when you need to update to the latest version of Bragi’s OS, you’ll need to drop them back into their case and plug it into your computer using the micro USB cable. There’s also a Bragi Dash installer program you need to download to get those new features and fixes over to the Dash earbuds.

What can Bragi Dash Pro do?

Bragi Dash guide: Everything you need to know about the original hearable

Quite a lot ,and we’re going to start with the sports tracking first because that’s what really makes the Dash Pro a bit special.

Activity tracking

Packing in a series of motion sensors, including accelerometers and gyroscopes in both buds, the Dash and Dash Pro are able to record a collection of metrics. That includes distance covered, steps, average pace and calories if you’re running with them in.

For swimming, it’ll measure breathing rate, thanks to the onboard pulse oximeter sensors, pool lengths and duration. When you go cycling it’ll also record cadence and duration data. Both the Dash and the Pro will automatically start tracking workouts too. This is a wonderful idea, but in practice we found it a bit temperamental.

In addition to recording motion, there’s also an optical heart rate sensor as well that works in a similar fashion to the one included in Jabra’s heart rate monitoring Sport headphones. This means you can get an indication of workout intensity across the three supported sports.

Unfortunately, there’s no GPS on board either the old Dash or the Pro and you can’t feed data into third party apps like Strava or Runkeeper (yet). You can enable the app to share location data to improve tracking accuracy.

Listening to music

You’re going to get a better music experience on the Pro compared to the previous generation Dash. You’ll not only get an hour extra of battery life, 5 hours for the Pro versus 4 for the original, you’re going to get a much fuller, bass-filled listening experience.

They both still have 4GB of storage to load up tracks, which must be done via your computer. The waterproof design also means you can use them for swimming, too. Just make sure you’ve put on the right sleeves before you jump into the pool.

When you first try them out, you might feel like they are a little on the quiet side, so make sure you head into the Bragi app and tinker with the Master Volume and you should get a lot more power.

If you’re working out with the Dash buds plugged into your ears and don’t like the idea of drowning out the world around you, there’s a useful audio transparency mode that’ll let you hear your surroundings. It also means you can still listen to music and have a conversation with someone at the same time.

Live translation

One of the most exciting things about hearables is the potential they have for giving us real-time translation, the dream of talking to someone in another language and having it automatically translated for you.

This is kind of how it works on the Dash and Dash Pro. You will need your phone, the iTranslate app and the $14.99 iTranslate Pro subscription. Once you do that, getting it set up is a bit of a hassle. You’ll need to put your Dash Pros on, then open up the app, then find the Bluetooth button and select the Dash Pro, which sends you back to the Bragi app to connect. It’s all a bit much.

Read this: Putting Bragi Dash Pro’s real-time translation to the test

Once you have it all set up, there are two ways to translate. You can have one person wear the buds and hold out the phone, with the app open, and have it translate that way. Or, you can go bud-to-bud. However, this second way requires both people to have a pair of Dash Pros. This is neat, but probably isn’t a realistic outcome when you’re out exploring a foreign country and need to speak to a local.

In our test, we found that it mostly worked pretty fine. While it was a hassle to set up and it sometimes missed things, it mostly had us conversing with a friend relatively seamlessly.

3D audio

Bragi has adopted the philosophy of rolling out software updates to improve what the Dash are capable of. A big feature on the way will add 360-degree 3D audio, which uses the audio transparency feature and turns it into a mixed reality feature. It’s being developed in partnership with Starkey, a hearing aid manufacturer who also helps custom fit those Tailored by Starkey Dash Pros. It aims to create a sense of directional sound around you, which would be a good fit for watching movies, virtual reality or even navigation.

Control by touch and gestures

With no cables to place an inline remote, Bragi relies on using optical touch sensors, which are placed on the outside of the earbuds letting you swipe and tap to control music playback features, activate sports tracking modes, turn on the audio transparency mode or launch smartphone assistants like Siri and Google Assistant.

Read this: A quick and dirty guide to ambient computing

Bragi has also introduced a set of new control options that the company is calling the Kinetic User Interface, that is able to use gestures that don’t require touching the buds at all. So you can shake your head to skip a music track, nod to answer a call, and even use head gestures to navigate the Dash menus. These are more trouble than they’re worth at the moment, but it still works and is usable.

Ask your assistant

There’s a feature called MyTap on both the Dash and Dash Pro that allows you to tap your cheek so that you can activate Siri, Google Assistant or, more recently, Alexa.

Speaking of Alexa, the company has updated both its old and new generation of buds with Alexa support. So you can use her and all her thousands of skills to do things like call an Uber or even listen to Amazon Prime Music.

Bragi Dash tips and tricks

Bragi Dash guide: Everything you need to know about the smart earbuds

Swimming with The Dash

If you are planning to go swimming make sure you use the biggest sleeves included as these will ensure they stay secure in the ears. We’d even suggest wearing them underneath a swimming cap for that added touch of security.

Listening underwater

Good luck trying to stream music via Bluetooth with your phone nearby because it just doesn’t work. You’ll need to bring the music player feature into action, which can be summoned from the right earbud. Hold the right bud down for one second to access your playlist and you can find out the key music playback features here.

Running with a hoodie

The one problem we found running with the Dash is that the touch controls are very sensitive and are easily set of. To lock the controls, hold down on both the left and right buds at the same time.

Start tracking an activity

You can entirely bypass the app to start recording a run, swim or cycling session simply by pressing down on the left bud for more than one second and double tapping to skip through the activities. When you’re ready to go, tap to confirm the selection and get moving.

Checking in on the battery

This is a really handy feature to determine whether you need to top up before leaving the charging case behind. Give the buds a little light shake and the notification lights on the outside illuminate to determine battery level. Blue means full, green is high, yellow is medium and red means get charging.

Just use one bud

You can use the right earbud one its own in a standalone mode simply by double tapping on the touch controls. Perfect if you only have a bit of power remaining on the left one.

Shop for recommended smart home tech on Amazon

Wareable may get a commission