A newly uncovered security flaw in Apple’s AirPlay protocol could allow hackers to spread malicious code across networks using wireless connections. Researchers from cybersecurity firm Oligo discovered the vulnerabilities, dubbed “AirBorne,” which affect third-party devices and potentially hundreds of models of AirPlay-enabled gadgets.
The bugs in Apple’s AirPlay software development kit (SDK) for third-party devices enable hackers to hijack gadgets like speakers, set-top boxes, or smart TVs if they’re on the same Wi-Fi network as the hacker’s machine. Additionally, some Apple devices are also vulnerable to these attacks, although Apple has already patched them with updates.
However, many third-party AirPlay-enabled devices may never be patched due to vulnerabilities in one piece of software that affects everything. This means hackers can take control of vulnerable devices and use them to access the network, install ransomware, or carry out stealthy espionage.
The researchers warn that even if a hacker gains access to the same Wi-Fi network as a vulnerable device, they may be able to turn it into a listening device for espionage purposes. Apple has already created patches available for impacted third-party devices, but some manufacturers may not have notified Apple and become “certified” AirPlay devices.
The discovery highlights concerns about the security of smart-home devices and the broader Apple ecosystem. Experts say that vulnerabilities in one piece of software can have far-reaching consequences, putting users at risk and eroding trust in the ecosystem.
Source: https://www.wired.com/story/airborne-airplay-flaws