Apple AirPlay flaw exposes millions of devices to hacking risk
What's the story
A major security flaw, called 'AirBorne,' has been found in Apple's AirPlay software development kit (SDK), putting millions of devices around the globe at risk.
The vulnerability, revealed by cybersecurity firm Oligo, impacts Apple's proprietary radio-based protocol for local wireless communication.
It could let hackers breach third-party devices like speakers, receivers, set-top boxes, or smart TVs connected to the same Wi-Fi network as the hacker's device.
Impact
Millions of devices potentially at risk
Oligo's Chief Technology Officer and co-founder, Gal Elbaz, estimates the number of potentially vulnerable third-party AirPlay-enabled devices could be in the tens of millions.
He said, "Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch—or they will never be patched."
"And it's all because of vulnerabilities in one piece of software that affects everything," Elbaz added.
Risks
Attackers could exploit public networks
For consumers, the risk level would depend on how secure their home router is.
If an attacker gets access to your home Wi-Fi network, they could potentially exploit vulnerabilities in AirPlay devices.
However, the risk would be limited to the range of your Wi-Fi.
On public networks like those used in coffee shops or airports, direct access would be possible.
Security concern
Attackers could potentially access microphones
The researchers from Oligo have indicated that, in a worst-case scenario, an attacker could access the microphones in an AirPlay device, like those in smart speakers.
However, they have not demonstrated this capability yet, meaning it is a theoretical concern for now.
The researchers followed the standard practice of reporting the issues to Apple and waiting for the company to issue security fixes before going public with these vulnerabilities.
Response
Apple has issued patches for all devices
Apple has responded to the discovery by issuing patches for all its own devices and making fixes available to manufacturers of third-party products.
CarPlay devices are also vulnerable, but the risk is significantly lower as an attacker would need to pair their device first.
This vulnerability highlights the importance of keeping tech updated with any security updates issued, as a precautionary measure against potential threats.