By Agency Reports
Researchers at cybersecurity firm Oligo have found major security flaws in Apple AirPlay that allow hackers to hijack compatible devices on the same Wi-Fi network.
AirPlay allows users to seamlessly stream audio, video or photos from their Apple device to another Apple device or third-party gadgets that integrate the protocol.
The 23 vulnerabilities, dubbed “AirBorne,” were found both in Apple’s AirPlay protocol and the AirPlay Software Development Kit (SDK) used by third-party vendors to make devices AirPlay compatible, Wired reported.
Researchers demonstrated in a video how the vulnerabilities can be exploited: they accessed an AirPlay-enabled Bose speaker on the same network and carried out a remote code execution (RCE) attack, showing the “AirBorne” logo on the speaker’s display.
They claimed that hackers realistically can use a similar strategy to gain access to devices with microphones for espionage.
Oligo CTO Gal Elbaz told Wired that the total number of exposed devices could potentially be in the millions.
“Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch — or they will never be patched,” Elbaz explained. “And it’s all because of vulnerabilities in one piece of software that affects everything.”
The risks were reported to Apple in the late fall and winter of last year, and Oligo worked with the tech giant for months on fixes before publishing their findings Tuesday.
Apple rolled out fixes on March 31 for devices running iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4 and visionOS 2.4.
However, third-party devices that support the AirPlay protocol remain vulnerable. The researchers said that manufacturers would need to roll out updates for users to install themselves in order to avoid being exposed to hackers.
Apple told Wired that it created patches that are available for these third-party devices, but it emphasized that there are “limitations” to the attacks that would be possible on AirPlay-enabled devices due to the bugs.
CarPlay-equipped systems are also at risk, the researchers noted, since hackers can carry out an RCE attack if they are near the unit and “the device has a default, predictable, or known Wi-Fi hotspot password.”
According to the report, there are several ways to help protect your device from the threat of hackers:
Update your devices: Researchers stressed that devices and other machines that support AirPlay need to be updated immediately to the latest software versions to mitigate potential security risks.
Disable AirPlay Receiver: Oligo recommends fully disabling the AirPlay feature when not in use.
Only AirPlay to trusted devices: Limit AirPlay communication and stream content to only trusted devices.
Restrict AirPlay Settings: Go to Settings > AirPlay & Continuity (or AirPlay & Handoff) and select Current User for the “Allow AirPlay for” option. “While this does not prevent all of the issues mentioned in the report, it does reduce the protocol’s attack surface,” researchers noted.
Disable on public Wi-Fi: It’s best to avoid enabling or using AirPlay when on a public Wi-Fi network.
© New York Post