‘AirBorne’ Vulnerability Puts Millions of Apple AirPlay Devices at Risk of Hacking Attacks
If you utilize the AirPlay feature on your Apple devices, there’s important news that requires your attention. Security researchers from the cybersecurity firm Oligo have uncovered significant vulnerabilities in Apple’s AirPlay protocol, which could allow cybercriminals to compromise Apple and other compatible devices connected to the same Wi-Fi network. AirPlay, a wireless streaming protocol, enables users to cast audio and video across various devices.
Oligo’s researchers have identified serious security issues, which they have labeled “AirBorne,” present in both the AirPlay protocol and the AirPlay Software Development Kit (SDK). Additionally, users of CarPlay are not immune; the vulnerabilities extend to this platform as well. The report from Oligo states that hackers may attempt Remote Code Execution (RCE) attacks when in proximity to a CarPlay unit, especially if the device utilizes a default or predictable Wi-Fi hotspot password.
Oligo’s CTO, Gal Elbaz, indicated that the number of potentially affected devices could be in the millions. In an illustrative video, researchers demonstrated how attackers could exploit these security weaknesses. They successfully executed a remote RCE attack on an AirPlay-enabled Bose speaker, showcasing the “AirBorne” logo on the device.
Alarmingly, they also suggested that similar tactics could enable hackers to access microphone-enabled devices for surveillance purposes. After reporting these flaws late last year, Oligo collaborated with Apple to address 23 security issues, resulting in patches released on March 31 with the launch of various operating system updates. However, it is crucial to note that third-party devices supporting the AirPlay protocol have yet to receive similar protections.
To safeguard your devices against these vulnerabilities, it is essential to update your AirPlay-enabled Apple devices to the latest version. Additionally, turn off the AirPlay feature when not in use, stream only on trusted devices, and keep AirPlay disabled when using public Wi-Fi to ensure your security.
