AirPlay security flaws could help hackers spread malware on your network

AirPlay security flaws have been discovered by cybersecurity firm Oligo, which could allow hackers to spread malware on your network.
The vulnerabilities, dubbed “AirBorne,” are wormable and can be used to take over an AirPlay device and spread malware throughout a local network if the device is already connected.
Other potential risks include remote code execution (RCE) attacks, access to local files and sensitive information, denial-of-service attacks, and unauthorized use of smart speakers’ displays or microphones.
Apple has patched the bugs in its own devices, but non-Apple-made AirPlay devices may still be vulnerable, and public networks with outdated software can also pose a risk.
The risks extend to CarPlay devices as well, which can be exploited if they connect to a car’s Wi-Fi hotspot using a default or predictable password, allowing hackers to track the car’s location and access sensitive information.

Cybersecurity firm Oligo has detailed a set of vulnerabilities its researchers found in Apple’s AirPlay protocol and software development kit that could serve as a point of entry to infect other devices on your network, Wired reports.

Oligo’s researchers refer to the vulnerabilities and attacks they enable as “AirBorne.” According to Oligo, two of the bugs it found are “wormable” and could let attackers take over an AirPlay device and spread malware throughout “any local network the infected device connects to.” That said, they would need to already be on the same network as the device to carry out the attack.

Other possible outcomes of an attack include hackers remotely executing code on your devices (also called an RCE attack), accessing local files and sensitive information, and carrying out denial-of-service attacks, Oligo says. It adds that an attacker could also show images on something like a smart speaker’s display — as demonstrated with an AirPlay-enabled Bose speaker in the video below — or tap into the speaker’s microphone to listen to nearby conversations.

Apple has already patched the bugs, but there are still risks via non-Apple-made AirPlay devices. And while there’s a relatively low chance of a hacker being on your home network, Wired points out that AirBorne attacks could also happen if you connect to a public network with an device that uses AirPlay — like a MacBook or an iPhone — that isn’t updated with the latest Apple software.

The risks extend to CarPlay devices, too. Oligo found that attackers “could execute an RCE attack” via CarPlay under certain conditions, like connecting to a car’s Wi-Fi hotspot that’s still using a “default, predictable or known wifi hotspot password.” Once they’re in, hackers could do things like show images on the car’s infotainment system or track the car’s location, according to Oligo.

As Oligo points out, there are tens of millions of third-party AirPlay devices, including things like standalone speakers, home theater systems, TVs. The firm also notes that CarPlay “is widely-used and available in over 800 vehicle models.” According to Wired, Apple created patches for affected third-party devices” as well, but a cybersecurity expert tells the outlet that Apple doesn’t directly control the patching process of third-party devices.

Apple didn’t immediately respond to The Verge’s request for comment.

link

Q. What is AirPlay and what kind of security flaws were found by Oligo’s researchers?

A. AirPlay is a protocol developed by Apple that allows users to wirelessly stream content from one device to another, such as streaming music or videos from an iPhone to a TV. Oligo’s researchers found several vulnerabilities in the AirPlay protocol and software development kit that could be exploited by hackers.

Q. What are the potential risks of these security flaws?

A. The security flaws discovered by Oligo’s researchers could allow hackers to spread malware on your network, remotely execute code on your devices, access local files and sensitive information, carry out denial-of-service attacks, and even tap into smart speakers’ microphones to listen to nearby conversations.

Q. Have Apple patched the bugs found by Oligo’s researchers?

A. Yes, Apple has already patched the bugs found by Oligo’s researchers. However, there are still risks associated with non-Apple-made AirPlay devices that have not been updated with the latest software.

Q. Can hackers spread malware on your network if you connect to a public Wi-Fi hotspot using an AirPlay-enabled device?

A. Yes, according to Wired, hackers could potentially spread malware on your network if you connect to a public Wi-Fi hotspot using an AirPlay-enabled device that is not updated with the latest software.

Q. What about CarPlay devices? Are they also vulnerable to these security flaws?

A. Yes, Oligo’s researchers found that attackers could execute an RCE attack via CarPlay under certain conditions, such as connecting to a car’s Wi-Fi hotspot using a default or predictable password.

Q. How many third-party AirPlay devices are there, and how widespread is CarPlay?

A. There are tens of millions of third-party AirPlay devices, including standalone speakers, home theater systems, TVs, and CarPlay devices that are widely used in over 800 vehicle models.

Q. Does Apple directly control the patching process of third-party devices?

A. No, according to a cybersecurity expert quoted by Wired, Apple does not directly control the patching process of third-party devices.

Q. What is an RCE attack, and how can hackers carry it out via CarPlay?

A. An RCE (Remote Code Execution) attack allows hackers to remotely execute code on a device. In the case of CarPlay, hackers could carry out an RCE attack by connecting to a car’s Wi-Fi hotspot using a default or predictable password.

Q. Can AirBorne attacks happen if you connect to a public network with an AirPlay-enabled device that is not updated?

A. Yes, according to Oligo, AirBorne attacks could potentially occur if you connect to a public network with an AirPlay-enabled device that is not updated with the latest software.