From PC Mag: Researchers at cybersecurity firm Oligo have found major vulnerabilities in Apple's AirPlay protocol that allow hackers to breach compatible devices on the same Wi-Fi network.
AirPlay is a Wi-Fi-based protocol that allows Apple users to cast audio and video to devices like speakers, monitors, smart TVs, etc. The vulnerabilities, dubbed "AirBorne," were found in both Apple's AirPlay protocol and the AirPlay Software Development Kit (SDK) that third-party vendors use to make their devices AirPlay compatible, Wired reports.
In a video, the researchers demonstrated how the vulnerabilities could be exposed. They accessed an AirPlay-enabled Bose speaker on their network and remotely executed code (an RCE attack) to show the "AirBorne" logo on the speaker's display. Hackers could use a similar trick to gain access to microphone-equipped devices for espionage, the researchers claim.
CarPlay-equipped infotainment systems are also at risk. Malicious actors could carry out an RCE attack if they are near the CarPlay unit and "the device has a default, predictable, or known Wi-Fi hotspot password."
View: Full Article
