It’s been a little over a year since security researchers discovered a vulnerability in iOS devices that makes it possible to jailbreak most iPhones and iPads from the iPhone 5s through the iPhone X.
Now it looks like Apple’s HomePod smart speaker is vulnerable as well. A pair of tweets from @_L1ngL1ng_ and @DanyL931 show that it’s possible to jailbreak a HomePod using an updated version of the Checkra1n jailbreak utility.
There’s no word on if or when the new version of Checkra1n will be released to the public, but if and when it is, the update will open the door to folks who want to hack Apple’s smart speaker.
For starters, it looks like a jailbroken HomePod will allow users to connect to the speaker via SSH with root access, which would allow you to alter protected files and settings, install applications, or even replace the operating system.
A few obvious use cases for a Jailbroken HomePod?
- Allow it to stream audio from apps that are not officially supported.
- Use it as a wireless speaker for Android, Windows, or other devices that do not support AirPlay.
- Enable third-party voice assistants (like Mycroft or Firefox Voice).
There are some potential down sides though – by definition, jailbreaking an iOS device breaks Apple’s security, which could leave your gadget more vulnerable to attack. That could be particularly problematic on a screenless device like the HomePod, where it might be difficult to notice malware running on your device which could, for example, activate the speaker when you’re not paying attention.
While the jailbreak seems to work on a first-gen Apple HomePod, I suspect it might not work on the newer HomePod Mini. The newer, smaller speaker was released just this month, meaning Apple has had more than a year to patch the vulnerability exploited by Checkm8 and Checkra1n.
via Yalu JB and Hacker News