Researchers Uncover Bugs in Apple’s AirPlay, Risking Takeover of Smart Devices
Vulnerabilities in wireless streaming protocol AirPlay could expose Apple operating system devices to remote code execution by enabling attackers to infiltrate networks through trusted connections.
See Also: Live Webinar | Resilience in Crisis: Recovering Your Minimum Viable Company Fast
Researchers at cybersecurity firm Oligo disclosed a set of vulnerabilities they dubbed “AirBorne” that target the wireless protocol. The flaws, found in the software development kit used by third-party manufacturers, could allow attackers on the same Wi-Fi network to take control of AirPlay-enabled devices such as speakers, smart TVs and set-top boxes.
With “the number of third-party audio devices that support AirPlay can be estimated in the 10s of millions,” the vulnerabilities pose several security risks, including remote code execution. Other potential threats include bypassing access control mechanisms, unauthorized file access and sensitive information leaks. Attackers could also intercept communications through man-in-the-middle attacks or cause service disruptions.
Oligo Security collaborated with Apple during their research process. But many third-party AirPlay-enabled devices rely on the AirPlay SDK and may not regularly update their devices.
The attack vectors use the fact that AirPlay-enabled devices communicate over wireless or peer-to-peer connections, enabling attackers to exploit without needing direct physical access to the devices.
The AirBorne vulnerabilities discovered by Oligo also impact CarPlay, the protocol that connects smartphones to vehicle dashboard systems. The hackers could gain control of a car’s head unit in over 800 CarPlay-enabled models. However, in these cases, the vulnerabilities can only be exploited if the attacker successfully pairs their device with the car’s head unit via Bluetooth or USB, significantly limiting the risk of CarPlay-based vehicle hacking.
Researchers demonstrated a proof-of-concept exploit targeting a stack overflow vulnerability in AirPlay-enabled speakers. In the demonstration, the attacker sends malicious data to the vulnerable speaker, triggering the overflow. This results in the execution of arbitrary code.