Major AirPlay Bugs Enable Remote Device Hacking: Here’s What to Do
Apple’s AirPlay is a convenient feature in iPhones and other Apple products, enabling seamless connection with other media devices for easy mirroring or casting. However, the underlying protocol could also serve as an entry point for hackers to infiltrate and gain access to your device. Several vulnerabilities in AirPlay have been discovered, potentially putting millions of Apple and third-party devices at risk.
This week, security firm Oligo published findings on a set of AirPlay vulnerabilities dubbed AirBorne, including significant exploits and attacks such as zero-click Remote Code Execution (RCE) and one-click RCE.
Apple and Third-Party AirPlay Devices at Risk
These bugs affect the AirPlay Software Development Kit (SDK), which is used by developers and manufacturers. Consequently, attackers could exploit these vulnerabilities as backdoors to hack and execute malicious code on third-party AirPlay-enabled devices, including smart speakers, smart TVs, dongles, and even car consoles or head units with CarPlay. This potentially exposes tens of millions of devices.
Once access is gained or a device is compromised, hackers could remotely control it, such as enabling the microphone to eavesdrop on individuals or using it to coordinate network-based cyberattacks. So far, the firm has demonstrated two exploits through wormable zero-click RCE vulnerabilities to hack a Bose speaker.
However, the firm further details that attackers can only leverage these vulnerabilities if the targeted hardware is within the same Wi-Fi network, which reduces the threat for devices connected to secure networks.
In addition to non-Apple AirPlay products, these bugs reportedly affect Apple hardware such as iPhones, iPads, Macs/MacBooks, and HomePods, especially if users have modified the AirPlay settings on their devices. To address user concerns, Apple has confirmed that it patched these software bugs via updates several months ago.
This leaves third-party devices more vulnerable to hacking, as many of them rarely receive updates. Even worse, some speakers and TVs may never receive any updates throughout their lifespan.
How to Protect Your Device from Hacking via the AirPlay Bug
If a software update or patch is not available for your third-party AirPlay devices, there are effective measures users can take to mitigate these hacks or protect their devices. The most prominent way is to avoid connecting to public or free Wi-Fi networks and only use trusted WLANs. It is also recommended to use strong security levels and complex passwords when setting up your Wi-Fi network. Additionally, turning off the AirPlay feature when it is not in use can also block potential access for hackers.
As simple as it sounds, these measures, along with other general security practices such as turning off your devices once a week, can help safeguard against various attacks and hacks.
Do you have an AirPlay-ready device at home? What steps do you take to keep your network safe? We’d like to hear your suggestions in the comments.
