# AirBorne Flaw Exposes AirPlay Devices to Hacking: How to Protect Yourself
A recent discovery by researchers at cybersecurity firm Oligo has left Apple users on high alert, as major vulnerabilities in the AirPlay protocol have been exposed, putting compatible devices on the same Wi-Fi network at risk of hacking. The vulnerabilities, dubbed "AirBorne," were found in both Apple's AirPlay protocol and the AirPlay Software Development Kit (SDK) that third-party vendors use to make their devices AirPlay-compatible.
## What is AirPlay?
For those unfamiliar with AirPlay, it's a Wi-Fi-based protocol that allows users to cast audio and video content from their Apple devices to compatible devices such as speakers, monitors, smart TVs, and more. The technology has been widely adopted across various industries, including home entertainment and public establishments.
## The Vulnerabilities
Researchers at Oligo discovered several vulnerabilities in the AirPlay protocol, which can be exploited by hackers to gain unauthorized access to devices on the same network. These vulnerabilities allow malicious actors to execute arbitrary code (RCE attack) remotely, potentially leading to a range of threats including espionage and data breaches.
## How Did the Vulnerabilities Get Detected?
The researchers used a video demonstration to show how the AirBorne logo could be displayed on an AirPlay-enabled Bose speaker on their network. This was achieved by exploiting the vulnerabilities in the AirPlay protocol and SDK, which allowed them to remotely execute code on the device.
## Impact of the Vulnerabilities
CarPlay-equipped infotainment systems are also at risk, as hackers can carry out RCE attacks if they are near the CarPlay unit and the device has a default, predictable, or known Wi-Fi hotspot password. With 23 reported vulnerabilities to Apple in the late fall and winter of last year, the company worked with Oligo for months on fixes before publishing its findings.
## Fixes and Updates
Apple rolled out fixes to devices on March 31 with iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4. However, third-party devices supporting the AirPlay protocol remain exposed to threats.
## Protecting Yourself
To negate the threat posed by these vulnerabilities, there are several steps you can take:
* Keep your device and operating system up-to-date with the latest security patches. * Avoid enabling AirPlay when using a public Wi-Fi network, such as those at a cafe, airport, or mall. * Use a VPN (Virtual Private Network) to encrypt internet traffic and protect against eavesdropping.
## Conclusion
The discovery of the AirBorne vulnerabilities highlights the importance of cybersecurity in today's digital age. While Apple has rolled out fixes for its devices, third-party vendors still need to update their products to avoid exposure to threats. By taking proactive steps to secure your device and network, you can minimize the risk of falling victim to these exploits.
The total number of exposed devices could be in millions, according to Oligo CTO Gal Elbaz. "Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch—or they will never be patched," he says. "And it's all because of vulnerabilities in one piece of software that affects everything."