AirBorne Flaws Expose Millions of AirPlay Devices to Hacker Takeovers Without Passwords

A set of vulnerabilities called AirBorne has been discovered in Apple's AirPlay and CarPlay technologies, potentially exposing millions of third-party devices to attacks from hackers on the same Wi-Fi network. Cybersecurity firm Oligo found that these flaws could allow attackers to hijack smart speakers, TVs, set-top boxes, and other AirPlay-enabled gadgets without needing a password or user interaction. The vulnerabilities stem from AirPlay's open-access design and lack of sufficient access controls. Apple has patched its own devices through recent updates, but many third-party devices may never receive fixes, especially older models. Public Wi-Fi networks pose a significant risk, although practical exposure is limited as people rarely bring smart home devices into these spaces. Some CarPlay-enabled devices could also be vulnerable if they use weak or default Wi-Fi passwords. To protect against attacks, users should install updates for third-party AirPlay devices, secure their Wi-Fi networks, and disable AirPlay features on devices they don't regularly use.