Apple iPhone’s AirPlay feature, while convenient, has been found to have a significant security vulnerability, potentially allowing hackers to infiltrate related devices through the same Wi-Fi network.
Warning from cybersecurity company Oligo, a total of 23 vulnerabilities were discovered in the AirPlay protocol and its third-party integrations, collectively known as “AirBorne.” A report by Wired indicated that these vulnerabilities have a wide-reaching impact.
AirPlay is a streaming feature that allows users to seamlessly transmit audio, video, or photos from one Apple device to another, or to third-party devices that support the AirPlay protocol.
According to researchers’ demonstrations, hackers could potentially carry out remote code execution (RCE) attacks through AirPlay speakers like Bose devices, and even eavesdrop on devices with microphones.
Gal Elbaz, CTO of Oligo, stated that the number of affected devices could reach into the millions, and many third-party devices may struggle to be patched, potentially leading to widespread ecosystem damage.
Oligo reported the vulnerabilities to Apple last fall and worked together for several months to patch them, ultimately releasing their research findings on Tuesday, May 20th. As of March 31st, Apple has released updates for iOS 18.4, iPadOS 18.4, macOS Ventura 13.7.5, macOS Sonoma 14.7.5, macOS Sequoia 15.4, and tvOS 2.4.
However, third-party devices supporting AirPlay still pose a risk, requiring manufacturers to provide separate updates for users to install. Apple has offered patching tools to vendors but emphasized that these types of attacks still have their technical limitations.
Researchers noted that car systems supporting CarPlay could also be targeted, especially when using default or easily guessed Wi-Fi hotspot passwords. Oligo recommends the following protective measures:
– Update devices immediately: Upgrade to the latest version to reduce risks.
– Disable AirPlay receiving function: When not in use, it is recommended to completely turn it off.
– Connect only to trusted devices: Avoid transferring content to unfamiliar devices.
– Adjust settings: In “Settings” > “AirPlay & Handoff,” set “Allow AirPlay” to “Only for current user” to reduce the attack surface.
– Avoid using AirPlay on public Wi-Fi: To prevent hackers from infiltrating.
These measures are crucial to enhancing security and safeguarding against potential breaches in devices using AirPlay functionality.