Researchers warn of AirBorne, a collection of critical bugs in Apple’s wireless protocols.
Cybersecurity company Oligo has identified security flaws in Apple’s AirPlay technology. The vulnerabilities, dubbed ‘AirBorne’ by Oligo, could give hackers access to speakers, smart TVs, and other AirPlay-enabled devices on the same Wi-Fi network.
Intrusion via Local Networks
The vulnerabilities occur in the AirPlay software development kit (SDK) that Apple provides to third parties. Through these leaks, attackers can take over devices, from speakers to CarPlay infotainment systems, and then use them to infiltrate other systems on the same network. Apple has since patched its own products, but many third parties are still lagging behind.
According to Gal Elbaz, CTO of Oligo, there could potentially be tens of millions of vulnerable devices. “Many of these devices rarely or never receive updates,” he warns.
Eavesdropping Practices
Some affected devices contain microphones, potentially making them usable for eavesdropping practices. The researchers demonstrate in a video how they take over a speaker via AirPlay. In the case of CarPlay, the chance of hacking is less likely, as physical access to the vehicle is required to start CarPlay.
Apple confirms that it is aware of the issues and is making patches available to manufacturers. However, Apple has no control over how, or if, manufacturers implement these updates. Those who use AirPlay on external devices should therefore manually check the firmware and update it if a new version is available.