With the help of Apple’s AirPlay feature, iPhones and MacBooks can easily play music or display images and videos on other Apple products, as well as on external speakers and TVs that support the protocol.
Due to recently discovered security holes in AirPlay, hackers may be able to travel about a network with ease and transfer malicious malware from one compromised device to another using those same wireless connections. Given how infrequently some smart-home gadgets are patched, it’s conceivable that these wirelessly enabled malware footholds will continue to exist for years to come across many of the hundreds of types of AirPlay-capable devices, even though Apple products are known for receiving regular fixes.
Researchers from the cybersecurity company Oligo unveiled what they are calling AirBorne on Tuesday. It is a set of flaws that impact Apple’s exclusive radio-based local wireless communication technology, AirPlay. If devices like speakers, receivers, set-top boxes, or smart TVs are connected to the same Wi-Fi network as the hacker’s computer, bugs in Apple’s AirPlay software development kit (SDK) for third-party devices would enable hackers to take control of them. Although these bugs have been fixed in updates over the past few months, Apple told Oligo that another set of AirBorne vulnerabilities would have made it possible for hackers to take advantage of Apple devices that supported AirPlay. Apple also told WIRED that these vulnerabilities could only have been exploited when users altered the default AirPlay settings.
Apart from those Apple devices, Gal Elbaz, cofounder and chief technology officer of Oligo, estimates that there are tens of millions of potentially vulnerable third-party AirPlay-enabled gadgets. According to Elbaz, “there are a lot that will take years to patch—or they will never be patched because AirPlay is supported in such a wide variety of devices.” “And it all stems from flaws in a single piece of software that impacts everything.”
The Tel-Aviv-based security company warns that unless consumers take action to upgrade their devices, the AirBorne vulnerabilities in many third-party devices will likely remain hackable, even though Oligo has been working with Apple for months to fix the problems in all impacted devices. A hacker can covertly take control these devices if they can access the same Wi-Fi network as those susceptible devices, whether that be via breaking into another computer on a home or business network or by just connecting to the same coffee shop or airport Wi-Fi. The machines might then be added to a botnet of compromised, coordinated machines under the hacker’s control, or they could be used to maintain a covert point of access or hack other targets on the network.
Oligo adds that a lot of the susceptible gadgets contain microphones and might be used as espionage listening devices. To illustrate that method, the researchers did not even develop proof-of-concept malware for any specific target.
According to Oligo, Apple released security upgrades in the months after it was alerted about its AirBorne findings in the late fall and early winter of last year. To test and validate the patches for Macs and other Apple products, the researchers worked in conjunction with Apple.
Additionally, Apple has developed updates that are accessible for affected third-party devices, the company informs WIRED. However, the company notes that because an attacker needs to be on the same Wi-Fi network as a target in order to exploit them, the assaults that might be carried out on AirPlay-enabled devices as a result of the issues are limited. While there may be some user data on gadgets like TVs and speakers, Apple notes that it is usually very little.
READ MORE: Owners of Apple Watches: You Could Be Eligible For A $20 Million Settlement
The video below shows the Oligo researchers using their AirBorne hacking technique to take control of a Bose speaker that supports AirPlay and display their company’s AirBorne logo. (The researchers claim that they had one of Bose’s speakers available for testing and had no intention of singling the brand out.) A request for comment from WIRED was not immediately answered by Bose.
CarPlay, the radio protocol used to connect to dashboard interfaces in cars, is likewise impacted by the AirBorne vulnerabilities that Oligo discovered. According to Oligo, this implies that hackers may take control of the head unit, or automotive computer, in any of the Apple over 800 vehicle and truck types that use CarPlay. However, in such car-specific situations, the threat of CarPlay-based vehicle hacking is much reduced because the AirBorne vulnerabilities could only be exploited if the hacker could couple their own device with the head unit via Bluetooth or a USB connection.
Contrarily, the AirPlay SDK vulnerabilities in home media devices might offer a more useful weakness for hackers looking to conceal themselves on a network, whether they are doing covert espionage or installing ransomware, all while hiding on devices that are frequently overlooked by both consumers and corporate or government network defenders. “What worries me is the number of devices that were susceptible to these problems,” says Uri Katz, an Oligo researcher. “How recently did you update your speaker?”
While working on a different project that involved examining vulnerabilities that might enable an attacker to access internal services operating on a target’s local network from a malicious website, the researchers first began considering this feature of AirPlay and eventually came across the AirBorne vulnerabilities. The basic safeguards built into every online browser that are intended to stop websites from having this kind of intrusive access on other people’s internal networks were discovered to be ineffective by Oligo’s hackers in that earlier study.
As they experimented with their finding, the researchers discovered that AirPlay was one of the services they could obtain by taking use of the vulnerabilities on a target’s systems without permission. AirPlay’s characteristics as a service designed to remain open and available for new connections served as the inspiration for the crop of AirBorne vulnerabilities that were discovered today, even though they have nothing to do with the earlier study.
Furthermore, because some manufacturers integrate the AirPlay SDK without informing Apple and certifying their devices as “AirPlay,” the researchers’ discovery of faults in the AirPlay SDK implies that vulnerabilities exist in hundreds of device types, if not more.
“Clearly, Apple no longer has direct control over the hardware or the patching process when third-party manufacturers integrate Apple technologies like AirPlay via an SDK,” says Patrick Wardle, CEO of the security company DoubleYou, which focuses on protecting Apple devices. Because of this, when vulnerabilities occur and third-party suppliers do not update their products in a timely manner or at all, it not only endangers users but also has the potential to undermine confidence in the larger Apple ecosystem.
Step into the ultimate entertainment experience with Radiant TV! Movies, TV series, exclusive interviews, live events, music, and more—stream anytime, anywhere. Download now on various devices including iPhone, Android, smart TVs, Apple TV, Fire Stick, and more!
