Researchers have discovered a set of vulnerabilities known as AirBorne affecting Apple’s AirPlay, which could potentially allow hackers to execute malicious code on millions of AirPlay-enabled devices over Wi-Fi. This issue is particularly concerning for smart home technology, where many devices have not been routinely updated.
The vulnerabilities allow hackers on the same network as AirPlay-enabled devices, like speakers and smart TVs, to hijack those devices and run their own code. According to Oligo, the cybersecurity firm that publicized these flaws, tens of millions of devices could be at risk. While Apple has patched some bugs affecting its own devices, many third-party gadgets remain vulnerable due to varied update practices among manufacturers.
If a hacker gains access to the same Wi-Fi network, they could potentially take control of vulnerable devices. This control could lead to further exploits within the network, including installing ransomware or utilizing devices with microphones for covert surveillance.
Oligo has warned that unless users proactively update their devices, many vulnerabilities will persist. Although Apple has released security patches, the reliance on third-party manufacturers to implement these patches could leave users exposed. While vehicles with the CarPlay functionality are also affected, the exploited vulnerabilities would require direct access to the car’s system via Bluetooth or USB, limiting the overall risk compared to home devices.
This situation raises alarms about the safety of smart gadgets that often go forgotten and are not regularly maintained by users. Oligo highlighted that the underlying flaws are rooted in the AirPlay SDK, and vulnerabilities can exist within various devices that use the protocol without proper certification from Apple. As a result, there is a wide array of devices potentially affected, which could hinder user trust in the Apple ecosystem as vulnerabilities remain unaddressed due to the lack of updates from third-party manufacturers.
