Apple devices are being targeted by hackers via a new security flaw in the AirPlay protocol. This flaw, known as ‘AirBorne,’ allows hackers to take over Apple devices without any user input, raising significant cybersecurity concerns. A major cybersecurity company, Oligo, has disclosed these vulnerabilities in the AirPlay protocol, which is used to enable streaming from Apple devices to TVs and other media devices. The findings reveal that if a hacker is on the same Wi-Fi network as a vulnerable device, they could potentially take control of the device without any action from the user.
Researchers from Oligo have demonstrated the potential risks by showing how a vulnerable smart speaker, like a Bose model, could be hijacked to display the company’s logo. This example highlights how easily hackers could exploit the vulnerability to control devices without being noticed. The vulnerability could be used to install malware on the device, leading to further infiltration of a home or corporate network. In some cases, the compromised devices could be added to a botnet, a network of machines that can be used for cyberattacks without the knowledge of the users.
Apple has already patched the AirBorne flaws on its own devices, and the company has issued updates to third-party vendors. However, cybersecurity experts warn that many third-party AirPlay devices, which could number in the tens of millions, may not be receiving patches. This is due to the slow or non-existent update processes of these manufacturers, which leave the devices open to exploitation. Additionally, some of these devices may not even support automatic updates, further increasing their vulnerability.
The researchers also discovered that Apple CarPlay is affected by the same flaws, though exploiting the vulnerability would require the attacker to have physical access to the car or use Bluetooth. This would make it more challenging, but the possibility still leaves over 800 car models vulnerable. The cybersecurity community is concerned that the widespread use of AirPlay-enabled devices could lead to a large-scale security risk if the vulnerabilities are not addressed.
The article suggests that users should take immediate steps to protect their devices, such as setting up a dedicated Wi-Fi network for smart devices, disabling AirPlay when not in use, and avoiding public Wi-Fi. Additionally, using a virtual private network (VPN) and securing the home Wi-Fi network with strong passwords and up-to-date firmware are recommended. The article also emphasizes the importance of limiting device permissions and exposure to minimize the risk of exploitation.
While Apple is known for its focus on security and privacy, the ‘AirBorne’ vulnerabilities indicate that even the most secure companies can have significant gaps. The company has taken steps to address the issue on its own systems, but the broader ecosystem, including third-party devices, remains at risk. Users are advised to remain vigilant and ensure that their devices are up to date to protect against potential cyber threats.