
Millions of AirPlay Devices Can Be Hacked Over Wi-Fi (9to5mac.com) 34

A newly revealed set of vulnerabilities dubbed AirBorne in Apple's AirPlay SDK could allow attackers on the same Wi-Fi network to hijack tens of millions of third-party devices like smart TVs and speakers. While Apple has patched its own products, many third-party devices remain at risk, with the most severe (though unproven) threat being potential microphone access. 9to5Mac reports: Wired reports that a vulnerability in Apple's software development kit (SDK) means that tens of millions of those devices could be compromised by an attacker: "On Tuesday, researchers from the cybersecurity firm Oligo revealed what they're calling AirBorne, a collection of vulnerabilities affecting AirPlay, Apple's proprietary radio-based protocol for local wireless communication. Bugs in Apple's AirPlay software development kit (SDK) for third-party devices would allow hackers to hijack gadgets like speakers, receivers, set-top boxes, or smart TVs if they're on the same Wi-Fi network as the hacker's machine [...]

Oligo's chief technology officer and cofounder, Gal Elbaz, estimates that potentially vulnerable third-party AirPlay-enabled devices number in the tens of millions. 'Because AirPlay is supported in such a wide variety of devices, there are a lot that will take years to patch -- or they will never be patched,' Elbaz says. 'And it's all because of vulnerabilities in one piece of software that affects everything.'"

For consumers, an attacker would first need to gain access to your home Wi-Fi network. The risk of this depends on the security of your router: millions of wireless routers also have serious security flaws, but access would be limited to the range of your Wi-Fi. AirPlay devices on public networks, like those used everywhere from coffee shops to airports, would allow direct access. The researchers say the worst-case scenario would be an attacker gaining access to the microphones in an AirPlay device, such as those in smart speakers. However, they have not demonstrated this capability, meaning it remains theoretical for now.

  • IoHT (Score:5, Funny)

    by Tablizer ( 95088 ) on Wednesday April 30, 2025 @06:26PM (#65343277) Journal

    = Internet of Hacked Things

    • AirPlay devices on public networks, like those used everywhere from coffee shops to airports, would allow direct access.

      So that means never connect your iPhone to a public WiFi if you're using AirPods or a smart watch. Imagine a stranger whispering strange things into your AirPods while you sit in a coffee shop. Creepy.

      • AirPlay != Bluetooth. It's a protocol that runs on IP that lets users push video and/or audio to devices like TVs or speakers. You can't push audio and video to mobile devices, let alone arbitrary peripherals attached to them. It essentially works the way Bluetooth speakers and screen mirroring work, meaning the protocol has no authentication. It is intended for small home networks with standard consumer-level authentication. Connecting an Apple TV or HomePod to an open network, or not
  • Protocol (Score:3, Interesting)

    by fluffernutter ( 1411889 ) on Wednesday April 30, 2025 @06:44PM (#65343303)
    I will never get why Apple insists on creating their own protocols rather than using tried tested and true standards everyone else uses.
    • Re: (Score:2, Troll)

      by Luthair ( 847766 )
      Probably so they can charge licensing fees. That said, it isn't like we haven't seen issues with libraries for other protocols (I recall example code for bluetooth with bad crypto being copied a lot) - the problem side is more that companies do annual upgrades to product lines and don't adequately support their devices.
    • Because Apple has long suffered from Not Invented Here syndrome. It didn't used to be that way - in the early days of Mac OS X they reached out to open source a lot more than they do today (KHTML, CUPS, etc.).

      My guess is that they discovered that if you own the protocol, then you can also gatekeep who can talk that protocol, enabling more walled gardens and competition lockout.

      • I'm just wondering which tried and tested protocol(s) you and the OP expected Apple to adopt for this? Starting in 2004 and getting a major update in 2010?

        Google came along with their own equivalent protocol in 2013 - are you criticising them too?

    • AirPlay was first introduced in 2010 and was an expansion to AirTunes which was introduced in 2004. Miracast didn't come out until 2012. Google Cast, which is a proprietary protocol, didn't come out until 2013 and, as far as I know, Google now supports it instead of Miracast.

    • by dnaumov ( 453672 )

      I will never get why Apple insists on creating their own protocols rather than using tried tested and true standards everyone else uses.

      Have you pondered why Airplay is ubiquitous and why people love it? Once you do, you'll have your answer.

    • by mjwx ( 966435 )

      I will never get why Apple insists on creating their own protocols rather than using tried tested and true standards everyone else uses.

      The "why" is pretty easy to understand... if Apple used tried and tested protocols then someone else would be able to make devices and applications that are compatible. This is an absolute dick move, but quite easy to understand.

      What confounds me is why people put up with such obvious abuse. At some point they have to realise that they're better off cutting their losses than taking another hard pounding from Apple... "No lube this time, sounds wonderful master".

      • by Malc ( 1751 )

        Which tried and tested protocols deployed at scale offered the same functionality in 2004 (AirTunes, the AirPlay predecessor) and 2010 (AirPlay itself)? How are those protocols doing now? Did Google use them in Google Play or Chrome Cast years later?

        • Why couldn't html or websockets have been used?
          • by Malc ( 1751 )

            Didn't web sockets come much later? I don't think they describe the transport of A/V either (codec, multiplex, subtitling etc).

            Doesn't AirPlay use HLS for the multimedia formatting, although no idea what is used for control, and I would guess something based on Bonjour for device discovery.

            • Basically you are asking "what other protocols can stream media and be controlled". And yes I'm pretty sure those existed before airplay. The websockets standard was completed in 2008 and airplay came out in 2010. Also slim devices has been doing it with music since 2001, Logitech open sourced the technology after they bought slim devices in 2006.
  • Wormable (Score:4, Informative)

    by bill_mcgonigle ( 4333 ) * on Wednesday April 30, 2025 @06:49PM (#65343309) Homepage Journal

    TFS doesn't mention the worst part: it's wormable.

    This could spread from speaker to iDevice and then ride to another wifi, spreading to speakers or TVs there. Repeat and fade.

    Watch for port 7000 abuse. Low Level on YT has a good video with deets.

    The Rust haters will need to skip it. :)

    • by AmiMoJo ( 196126 )

      It does say that Apple has patched it, although not how far back they went. Are all AirPlay capable devices patched?

      It's the third party stuff like speakers and TVs that are screwed. If you can't disable AirPlay then return for a refund or send to eWaste.

  • It ain't religion so quit acting like you gonna go to hell for using a different brand.

    • Yeah. It couldn't possibly be that people use it because it generally works well and has been readily available for 15 years on products many people already have and enjoy. If you think security vulnerabilities are somehow unique to Apple, you should get a refund for your defective brain.
      • Apple has been sucking since stupid Jobs split with Woz. You should learn some history before you start running your mouth.

        Apple has ALWAYS sucked.

  • "access would be limited to the range of your Wi-Fi."

    Guess how many miles that is with a cantenna on just one end.

    • Or someone walking into a hotel loaded with TVs. Or an apartment complex.

      • Just wait until someone exploits this to blast hard core porn all over the place. Or if they're more devious, use "AI" to make a fake video of Donald Trump in a fake EAS broadcast saying something truly terrifying. You know, like, "Nuclear missile is inbound to the west coast and we can't stop it. Seek shelter immediately." Or "I just raised tariffs globally another 300%!"

      • In what apartment complex does everyone share the same open WiFi network?
  • Sounds like you just had to properly secure your router. Of course, there are lots and lots of people who won’t. But it is that simple and you should have been on top of that a long time ago. Like the day you turned on your router.
  • Every time anyone mentions anything about an Apple vulnerability the entire comment section turns into a huge pool of cringe Dunning-Kruger-fueled, smug but provably wrong, snort-laughing neckbeard idiocy. Go to any Apple forum and look to see what they say about Android or PCs when any of the trillion monthly CVEs make waves: you'll be looking for a good long time because nobody cares. You're fighting a war with a million people that exist only in your mind based on the .05% of Apple fa
  • Don't invite hackers to connect to my LAN. If I do, check the colour of their hat at the front door.
