Apple’s AirPlay technology makes it easy to stream media from an Apple device to a device such as a speaker or TV. But the wireless connection that AirPlay uses has vulnerabilities that hackers can use to gain control of these devices.
Cyber Security Company Oligo today published a report covering vulnerabilities it discovered in the AirPlay protocol and AirPlay Software Development Kit. The vulnerabilities, called Airborne, have been patched in iPhone, iPad, Mac and other Apple devices through security updates, but third-party products implementing AirPlay probably contains the shortcomings as it is up to these third parties to deliver software patches to their devices. Oligo says in his report that “the number of third -party audio devices supporting AirPlay can be estimated in the 10s [stet] of millions. “
To take advantage of the AirPlay vulnerability, the hacker must have access to the local Wi-Fi network for which the AirPlay devices are connected. While it is not a trivial task with a home or business network, it may be if the network is a listed, such as in a coffee shop. For example, a coffee shop may place AirPlay speakers or a TV on the same network as that is open to its customers. If an AirPlay device is equipped with microphones or cameras, airborne can be used by a hacker to spy on users.
The airborne allows for a number of attacks. In a video example, Oligo shows a Remote Code Execution (RCE) where a MacBook is hacked using Airbourne, so when the music app is launched, an airbourne image opens. See the demo below.
Oligio also says CarPlay devices are affected by airborne. In the video below, airborne is used to access a CarPlay device and display the airborne image. Because the hacker has to be able to connect to the CarPlay device by accessing the car’s bluetooth or USB connection, the risk is low.
How to protect you from airborne
Apple has patched the airborne vulnerabilities on its devices through us updates and firmware updates for devices such as HomePod and Apple TV. Users can update iPhones, iPads and Macs through software updates in system settings. Firmware updates cannot be triggered by the user; They are usually performed automatically. Apple releases security fixes through us updates, so it is important to install them as soon as possible.
As for third-party AirPlay devices, it is up to the manufacturer to provide a driver update. Wired points out that the market is packed with unsertified AirPlay support, which may mean that the manufacturer may not be aware of updating the software to its device.
Macworld has several guides to help keep your Mac secure, including a guide on whether you need antivirus software, a list of Mac -vira, malware and Trojans and a comparison of Mac security software.