There’s a new Apple security issue in town, and this time it’s Airborne. Or, well, that’s what the security researchers are calling it. As cybersecurity firm Oligo revealed on Tuesday , a collection of security vulnerabilities are now affecting the AirPlay feature in Apple products, and the AirPlay SDK used in third-party gadgets like TVs, speakers, receivers, and more.
As reported by Wired , the vulnerability lets hackers take over the AirPlay protocol to inject malware into and take control of impacted devices. This is a zero-click attack, so it works even if you don’t click on anything.
AirPlay is a widely supported protocol, and a popular way for Apple devices to share audio and video. Thankfully, Oligo had alerted Apple about this issue, and has spent months in the background fixing the issues.
How Airborne’s hijacking works
The Airborne vulnerability works only on a local network, so the hijacker will have to be in proximity to you and on that same network. This local network can be anywhere, like your home, your workspace, or the Airport wifi network.
If a hacker is on your local network, and if your AirPlay devices are discoverable, they are susceptible to a zero-click attack. Meaning that the hijacker can take control of the device without any action from you. Alternatively, they could direct another type of attack at your device, like a Man-in-the-middle (MITM) attacks or a Denial of service (DoS) attack.
On a Mac, this could allow the hijacker to take control of and run malicious code on your computer.
On a connected device, like a Bluetooth speaker, it could also let the hijacker play anything they want, or turn on the microphone to listen in on conversations. The video below demonstrates the security researchers taking over a Bose speaker.
Time to update all your Apple devices
Apple has patched the Airborne vulnerability on all its latest software. That means it’s time to update your iPhone, iPad, Mac, Apple Watch, and Apple Vision Pro to the latest available software version. You can do so by going to Settings > General > Software Update on your iPhone or iPad, and System Settings > General > Software Update on the Mac.
What to do about third-party devices
While Oligo has worked closely with Apple to fix the vulnerability in its own devices, the issue still remains on devices that support the AirPlay protocol, like your TV or smart speaker, which will still exposed to this issue. These devices, of which there are tens of millions out in the wild, are the real issue, as the security researchers can’t work with every single company to fix the issue.
There’s not a lot you can do about third-party devices, but if you see an update from an AirPlay supported device in your home, make sure to install it.
How to protect yourself from AirPlay hijacking
Credit: Khamosh Pathak
Yes, you’ve updated your official Apple devices, but depending on your device, that might not be enough, as mentioned above. While you can’t really expect to update the firmware on your speaker, there are a couple of things you can do to lessen the likelihood of an attack.
-
First, make sure you’re updating all third-party devices that support AirPlay. That means your TV, or your smart audio system.
-
Next, make sure that AirPlay is disabled when you’re not actively using it. How to do this will differ based on your device, but to do this on a Mac, go to System Settings > AirDrop & Handoff and disable AirPlay Receiver.
-
Only use trusted devices to stream AirPlay content.
-
Next, limit AirPlay streaming to only yourself. On a Mac, this is under Settings > General > AirDrop & Handoff. Navigate to this menu, then in the dropdown next to Allow AirPlay For, choose Current User.
-
Most importantly, avoid playing content through AirPlay when you’re in a public network, or using any unknown network like those at airports, cafes, or hotels.
