AirBorne: A Devastating Flaw Exposes Millions of Apple AirPlay- Compatible Devices to Hackers
Cybersecurity firm Oligo has made a shocking discovery, exposing millions of Apple and other devices on the same network to hackers through a major security flaw dubbed "AirBorne." This critical vulnerability allows cybercriminals to compromise compatible devices by exploiting weaknesses in Apple's AirPlay protocol and its related Software Development Kit (SDK). If you use AirPlay-enabled devices, it is essential to take immediate action to protect yourself from this potential threat.
AirPlay is a wireless streaming protocol that enables Apple users to cast audio and video to multiple devices. However, Oligo's researchers have found significant security flaws in the protocol, which can be exploited by hackers to gain unauthorized access to compatible devices on the same network. These vulnerabilities were recently discovered by the cybersecurity firm, who reported them to Apple in the late fall and winter of last year.
Apple has since released updates to address these security issues with the release of iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and visionOS 2.4 in March. However, third-party devices supporting the AirPlay protocol remain vulnerable to these attacks.
According to Oligo CTO Gal Elbaz, the number of devices exposed could be in the millions. Speaking with Wired, he highlighted the severity of this vulnerability: "If you use CarPlay, it isn't safe either." Researchers have demonstrated that hackers can attempt a remote code execution (RCE) attack when they are near the CarPlay unit, particularly if the device has a default or predictable Wi-Fi password.
Oligo's researchers also showed how hackers can exploit this vulnerability to display the "AirBorne" logo on an AirPlay-enabled Bose speaker. In a disturbing demonstration, they remotely executed an RCE attack on the speaker, exposing its display with the malicious message. This highlights the potential risks of using AirPlay-enabled devices and emphasizes the importance of taking precautions.
To protect yourself from this vulnerability, Apple recommends several steps:
- Keep your AirPlay-enabled device updated to the latest version available
- Turn off the AirPlay feature when you're not using it
- Only stream content using AirPlay on trusted devices
- Disable AirPlay when using public Wi-Fi networks
As a precautionary measure, it is crucial to take these steps to safeguard your device and prevent potential hacking attempts. Stay vigilant, and keep your AirPlay-enabled devices up-to-date to minimize the risk of being compromised by this devastating "AirBorne" flaw.