New Vulnerabilities in Apples AirPlay Could Allow Hackers to Access Your Device
Apple's AirPlay feature has long been a hallmark of the company's ecosystem, allowing iPhones and MacBooks to effortlessly stream music, photos, and videos across various Apple devices as well as third-party speakers and televisions equipped with the necessary integration. However, the recent discovery of several security vulnerabilities in AirPlay has raised critical concerns about the safety and integrity of these wireless connections.
On Tuesday, cybersecurity researchers from Oligo announced findings regarding a series of vulnerabilities collectively dubbed 'AirBorne.' These flaws impact AirPlay, Apples proprietary protocol designed for local wireless communication, and they pose a significant risk to users. Specifically, the vulnerabilities within Apples AirPlay software development kit (SDK) for third-party devices could enable hackers to seize control of various gadgetsincluding speakers, televisions, receivers, and set-top boxesif these devices are connected to the same Wi-Fi network as the hacker's device.
While Apple has successfully patched certain vulnerabilities affecting its own devices, it appears that many third-party AirPlay-enabled gadgets remain at risk. Oligo's co-founder and chief technology officer, Gal Elbaz, estimates that the number of potentially vulnerable devices could be in the tens of millions. He explains, 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patchor they may never be patched at all. It all stems from vulnerabilities in a single piece of software that impacts everything.'
Despite Oligo's collaboration with Apple to address the AirBorne vulnerabilities over recent months, the Tel-Aviv-based cybersecurity firm warns that many of these flaws in third-party devices could remain exploitable unless users proactively update their software. If a hacker gains access to the same Wi-Fi network as one of these vulnerable devicesthrough means such as breaching another computer on a home or corporate network, or simply connecting to a public Wi-Fi network at places like coffee shops or airportsthey could covertly take control of these gadgets. Such control would grant hackers a stealthy access point to infiltrate other targets on the same network or even incorporate these devices into a coordinated network of infected machines, known as a botnet.
Moreover, Oligo has highlighted an alarming aspect of these vulnerabilities: many of the affected devices are equipped with microphones that could potentially be exploited for espionage purposes. However, the researchers have not created proof-of-concept malware to demonstrate this capability on specific targets.
According to Oligo, they alerted Apple about the AirBorne vulnerabilities in late fall and winter of the previous year. Apple has since exerted considerable effort to roll out security updates to address these issues. The tech giant has also developed patches for impacted third-party devices, although they stress that there are limitations to the types of attacks that could be executed due to the requirement for the attacker to be connected to the same Wi-Fi network as the target device. Apple further clarifies that while there may be some user data on devices such as TVs and speakers, this data is typically minimal and limited in scope.
