While Apple has taken steps to address its own devices, there is a silent crisis happening in homes, cars, and offices worldwide. A critical series of vulnerabilities called “AirBorne” leaves millions of third-party AirPlay-compatible devices vulnerable, and the majority of users are completely unaware of the danger.
Anything developed using Apple’s AirPlay SDK, from smart speakers and streaming boxes to car infotainment systems, might be open to remote code execution (RCE) attacks without its owner knowing, the cybersecurity company Oligo explained.
It’s Not Your iPhones, It’s What They Can Be Connected To
Apple fixed the problem quickly: patches were rolled out for all iOS and macOS devices on March 31. The unresolved and scarier part is the assortment of non-Apple devices that have the AirPlay feature but have not been patched by their respective manufacturers.
The list includes not only the latest major audio products from companies like Bose, Sony, and LG but also car infotainment systems with built-in CarPlay. These devices may give attackers a way into any nearby Wi-Fi network.
Cybersecurity experts stress that attackers could at times take advantage of microphones or screens, or spy on victims, leaving them completely in the dark.
Where This Threat Comes From
Apple’s devices are not the only ones at fault. The problem is in the AirPlay SDK, the set of tools given to manufacturers so that their gadgets can talk to Apple devices. Third-party devices are affected because the same vulnerabilities Oligo discovered in Apple’s implementation were replicated in them, and unlike Apple’s own devices they don’t get automatic updates.
According to Gal Elbaz, the CTO of Oligo, the total number of vulnerable devices could be in the millions, and many “may never be patched”.
In other words, even if your iPhone or Mac is updated, your non-Apple AirPlay-compatible speaker, TV, or car system might still be at risk of being hacked.
Signs You May Be at Risk
- You own an AirPlay speaker, TV, or accessory from a non-Apple brand
- Your smart TV or sound system hasn’t been updated in the past few months
- You use CarPlay over Wi-Fi with a factory or aftermarket infotainment system
In one experiment, a group of researchers managed to display an “AirBorne” logo on an unpatched Bose speaker through an RCE attack, using nothing more than access to the same network as the speaker. In a worse case, this could result in eavesdropping, injection of audio commands, or even hacking of the smart devices connected to it.
What You Can Do Right Now
- Go to the manufacturer’s website to check for firmware updates of any AirPlay-compatible device.
- Turn off AirPlay on third-party accessories until an update is confirmed.
- Protect your Wi-Fi network — change default passwords and use WPA3 if supported.
- Avoid public or shared Wi-Fi when using AirPlay in cars or hotels.
One smart move is to ask the manufacturer whether a device has AirPlay and is affected; the other option is to stop using cast features for a while.
Why This Is a Wake-Up Call for Smart Device Security
It is not the first time that vulnerabilities in Google or Apple technologies have come to light through third-party ecosystems, but it is most likely one of the farthest-reaching events of this kind.
Cybersecurity advisers say that this incident calls for a much broader conversation about how Apple vets AirPlay partners and whether it is in a position to proactively push security updates to third-party hardware.
What happens until that is done? The situation could be described as thirty million users being “sitting ducks.”
AirPlay used to be simply what made our homes smart; now it is also a way to breach them, unless every device maker takes security as seriously as Apple does today.
At present, the safest AirPlay is the one that has been updated, which may not include your favorite speaker or smart TV.