There's a new Apple security issue in town, and this time it is AirBorne. Or, well, that is what security researchers are calling it. As cybersecurity firm Oligo revealed on Tuesday, a collection of security vulnerabilities is now affecting the AirPlay feature in Apple products, as well as the AirPlay SDK used in third-party gadgets such as TVs, speakers, receivers, and more.
As reported by Wired, the vulnerabilities allow hackers to hijack the AirPlay protocol to inject malware and take control of affected devices. This is a zero-click attack, so it works even if you do not click on anything.
AirPlay is a widely supported protocol, and a popular way for Apple devices to share audio and video. Thankfully, Oligo had alerted Apple about the issue, and has spent months working in the background to fix the issues.
How the AirBorne hijacking works
The AirBorne vulnerability works only on a local network, so the hijacker will have to be in close proximity to you and on the same network. This local network can be anywhere, such as your home, your workplace, or an airport Wi-Fi network.
If a hacker is on your local network, and your AirPlay devices are discoverable, they are susceptible to a zero-click attack. This means that the hijacker can take control of the device without any action from you. Alternatively, they can launch another type of attack on your device, such as a man-in-the-middle (MITM) attack or a denial-of-service (DoS) attack.
On a Mac, it can allow the hijacker to take control of the computer and run malicious code on it.
On a connected device, like a Bluetooth speaker, it can allow the hijacker to play anything they want, or turn on the microphone to listen in on conversations. The video below shows security researchers taking over a Bose speaker.
Time to update all your Apple devices
Apple has patched the AirBorne vulnerability in all of its latest software. This means it is time to update your iPhone, iPad, Mac, Apple Watch, and Apple Vision Pro to the latest available software version. You can do this from Settings > General > Software Update on your iPhone or iPad, and from System Settings > General > Software Update on a Mac.
What to do about third-party devices
While Oligo has worked with Apple to fix the vulnerability in Apple's own devices, the issue still exists on third-party devices that support the AirPlay protocol, like your TV or smart speaker, which remain exposed. These devices, of which there are tens of million in the wild, are the real issue, as security researchers cannot work with every company to fix the problem.
There is not much that you can do about third-party devices, but if you see an update for an AirPlay-supported device in your house, be sure to install it.
How to protect yourself from AirPlay hijacking

Yes, you have updated your official Apple devices, but depending on your devices, that may not be enough, as mentioned above. While you can't really expect to update the firmware on your speaker, there are some things you can do to reduce the possibility of an attack.
- First, make sure that you are updating all third-party devices that support AirPlay. This means your TV or your smart audio system.
- Next, make sure AirPlay is disabled when you are not actively using it. How to do this will differ depending on your device, but to do so on a Mac, go to System Settings > AirDrop & Handoff and disable AirPlay Receiver.
- Use only trusted devices to stream AirPlay content.
- Next, limit AirPlay streaming to only yourself. On a Mac, go to System Settings > General > AirDrop & Handoff. In this menu, in the dropdown next to Allow AirPlay for, choose Current User.
- Most importantly, avoid playing content over AirPlay when you are on a public network or any unknown network, such as those in airports, cafes, or hotels.