According to Reddit post by user "sportingkcmo," he had his house equipped with an August Smart Lock, a Bluetooth-enabled door lock that users operate using their phone, as well as Apple's HomeKit, which enables users to interact with smart home gadgets using Siri. According to his post, the user had set up his iPad Pro in the living room to connect to the lock through HomeKit.
Unfortunately, the setup opened up a huge security hole that serves as lesson of how smart home technology can backfire: His neighbor, who was coming by to borrow some flour, was able to let himself in by shouting, "Hey Siri, unlock the front door."
The iPad was apparently able to hear the neighbor’s command through the front door and then sent the unlock command to the August Smart Lock. (The August Smart Lock also supports Amazon’s voice assistant service, Alexa, but users can't unlock the door with Alexa. Users can only lock and check the status of the lock with Alexa.)
Apple said it recommends that all users have passcode authentication enabled on their devices. This could have been prevented if the user had set passcode authentication on the iPad.
If this story is true, then it raises serious questions about the security of smart home systems. Ceding such critical parts of the home (like the front door) to tech gadgets can pose major security risks. Voice control holds a lot of exciting possibilities but remains new and unexplored territory. In this case, the combination of voice technology with a smart lock system exposed a major vulnerability.