
An analysis has emerged indicating that billions of devices worldwide are exposed to hacking threats through Apple’s AirPlay and CarPlay wireless connectivity features.
Overseas security firm Oligo Security has stated that a security vulnerability known as ‘AirBorne’ affects not only Apple devices but also numerous third-party devices equipped with AirPlay and CarPlay functions.
The vulnerability enables ‘zero-click remote code execution’: simply by being on the same Wi-Fi network as the user, hackers can access a device to implant malware or extract sensitive information, without the user having to take any action. The malware can also spread automatically to other devices in the form of a ‘worm’.
The impact of the vulnerability is extensive. Not only iPhones, iPads, Macs, and Apple TVs, but also smart speakers, TVs, and in-car infotainment systems that support AirPlay are all targets. Oligo Security has warned that up to 2.35 billion Apple devices and numerous Internet of Things (IoT) devices could be at risk due to this.
In particular, in-car systems with CarPlay functionality enabled may be vulnerable to hacking not only through Wi-Fi but also via Bluetooth and USB connections. In fact, over 800 vehicle models are exposed to such attacks, and it is possible for hackers to manipulate the vehicle’s infotainment system or eavesdrop on conversations among passengers.
Public Wi-Fi environments, such as those in airports, hotels, and cafes, are the most dangerous attack routes. Hackers can infect vulnerable devices in these settings and use them as a launching point for additional attacks when the infected devices connect to home or corporate networks. Infected devices can threaten the entire smart home ecosystem, including smart speakers, TVs, surveillance cameras, and home hubs.
The attack paths stem from deficiencies in AirPlay’s internal authentication design and flaws in how network commands are processed. Attackers can exploit these to read local files, bypass access permissions, and intercept communication content through man-in-the-middle (MITM) attacks.
Security experts advise that keeping a device’s operating system up to date is the most fundamental defense measure. It is advisable to disable the AirPlay receiving function if not in use and limit connected devices to trusted sources. Router Wi-Fi passwords should be sufficiently strong, and public networks should be avoided if possible.
Furthermore, users of third-party smart devices should check whether manufacturers provide security updates and maintain up-to-date firmware. For vehicles equipped with CarPlay, it’s essential to check wireless connection security settings and the status of software updates.
While Apple has recently released security patches for its products, third-party devices that are not supported by updates or lack proper systems may remain vulnerable in the long term, so particular caution is required.