INSUBCONTINENT EXCLUSIVE:
Oligo also notes that many of the vulnerable devices have microphones and could be turned into listening devices for espionage
The researchers did not go so far as to create proof-of-concept malware for any particular target that would demonstrate that trick.Oligo
says it warned Apple about its AirBorne findings in the late fall and winter of last year, and Apple responded in the months since then by
pushing out security updates
The researchers collaborated with Apple to test and validate the fixes for Macs and other Apple products.Apple tells WIRED that it has also
created patches that are available for impacted third-party devices
The company emphasizes, though, that there are limitations to the attacks that would be possible on AirPlay-enabled devices as a result of
the bugs, because an attacker must be on the same Wi-Fi network as a target to exploit them
Apple adds that while there is potentially some user data on devices like TVs and speakers, it is typically very limited.Below is a video of
CarPlay-enabled car and truck models
In those car-specific cases, though, the AirBorne vulnerabilities could only be exploited if the hacker is able to pair their own device
with the head unit via Bluetooth or a USB connection, which drastically restricts the threat of CarPlay-based vehicle hacking.The AirPlay
SDK flaws in home media devices, by contrast, may present a more practical vulnerability for hackers seeking to hide on a network, whether
to install ransomware or carry out stealthy espionage, all while hiding on devices that are often forgotten by both consumers and corporate
or government network defenders
