
Security researchers at Oligo have uncovered critical vulnerabilities in Apple’s AirPlay protocol and SDK, potentially allowing hackers to compromise your home network and even your CarPlay system. These flaws, dubbed “AirBorne,” could enable attackers to spread malware across your network, starting with a single compromised AirPlay device. Two of the identified vulnerabilities are particularly concerning, as they’re ‘wormable,’ meaning an attack that exploits them can spread automatically from one compromised device to other devices on the same network.
The potential consequences are far-reaching. Hackers could remotely execute code on your devices, gain access to sensitive files, and even launch denial-of-service attacks. More alarmingly, they could potentially hijack your smart speaker’s display to show unwanted images or even listen in using the microphone. This isn’t just a threat to your home network, either. Oligo found that under specific circumstances, such as connecting to a car’s Wi-Fi hotspot with a weak password, hackers could also exploit vulnerabilities in CarPlay to remotely execute code, potentially displaying images on your car’s infotainment system or tracking your vehicle’s location.
While Apple has already released patches to address these vulnerabilities, the risk remains for users of non-Apple AirPlay devices, of which there are tens of millions. The patching process for these third-party devices is not directly controlled by Apple, leaving a window of vulnerability. Furthermore, even with updated software, connecting to public Wi-Fi networks with an AirPlay-enabled device could still expose you to these attacks.
The sheer number of affected devices highlights the seriousness of this issue. With tens of millions of third-party AirPlay devices and CarPlay’s presence in over 800 vehicle models, the potential for widespread exploitation is significant. While the likelihood of a hacker already being on your home network might be low, the possibility of devices being compromised over public Wi-Fi calls for vigilance and prompt updates. It’s crucial to ensure all your AirPlay-enabled devices, both Apple and third-party products, are running the latest software patches to mitigate this risk.