Apple’s AirPlay was designed to make life easier, letting users stream music, photos and videos from iPhones and MacBooks to TVs, speakers and other compatible devices with just a tap. But now, cybersecurity researchers have revealed that this same convenience may be opening the door to hackers. A new set of vulnerabilities, collectively called AirBorne, could turn AirPlay-enabled gadgets into stealthy entry points for malware and network infiltration.
Join The FREE “CyberGuy Report”: Get my expert tech tips, critical security alerts and exclusive deals, plus instant access to my free “Ultimate Scam Survival Guide” when you sign up.
Researchers at Tel Aviv-based cybersecurity firm Oligo recently disclosed AirBorne, a group of security flaws in Apple’s proprietary AirPlay protocol. These bugs exist primarily in the AirPlay software development kit (SDK) used by third-party manufacturers to bring AirPlay support to smart TVs, speakers and other media devices. The security flaws mean if a hacker is on the same Wi-Fi network as a vulnerable device, they can hijack it without ever touching the device.
From there, attackers could move laterally within a home or corporate network, silently hopping from one device to another. They might install malware or ransomware, disrupt operations or even lock users out of their own systems. In some cases, compromised devices could be added to a botnet, a network of hijacked machines working in unison for larger attacks. And because many smart gadgets come equipped with microphones, hackers could even turn them into tools for eavesdropping and surveillance.
200 MILLION SOCIAL MEDIA RECORDS LEAKED IN MAJOR X DATA BREACH
Apple has already patched the AirBorne bugs on its own devices and issued updates to third-party vendors. However, researchers warn that many third-party AirPlay-enabled products, possibly tens of millions, may never receive a fix, either because they do not auto-update or because vendors are slow or unwilling to release security patches.
A striking demonstration by Oligo showed how easily a Bose speaker was taken over to display the firm’s logo, proving how simple it could be for a hacker to silently gain control. Though Bose was not specifically targeted, the example highlights the broader risk. Any unpatched device using AirPlay SDK could be a gateway for malicious actors.
The researchers also discovered that Apple CarPlay is affected. While exploiting it would be harder and would require Bluetooth or USB pairing, more than 800 car and truck models are potentially vulnerable.
HERTZ DATA BREACH EXPOSES CUSTOMER INFORMATION
HOW TO UPDATE ALL OF YOUR DEVICES AND KEEP THEM SAFE
1) Set up a separate Wi-Fi network for smart devices: Most modern routers allow you to create multiple networks. Use this feature to keep your smart home devices such as AirPlay-enabled speakers, TVs or receivers on a dedicated “IoT” (Internet of Things) network. Keep this separate from your main devices, like phones, laptops and work computers. This segmentation ensures that even if a hacker gains access to a vulnerable smart device, they cannot easily reach more critical or sensitive devices on the primary network.
2) Disable AirPlay when not actively using it: AirPlay is designed to always be on and discoverable, which makes it convenient but also leaves it exposed. If you rarely use AirPlay or only use it occasionally, go into your device settings and turn it off completely. On Apple devices, AirPlay settings can be found under “General” or “AirPlay & Handoff.” For third-party devices, check their companion apps or manuals. Turning off AirPlay removes it as an open door for attackers.
3) Avoid using AirPlay on public or unsecured Wi-Fi and use a VPN: One of the key conditions for exploiting AirBorne vulnerabilities is that the attacker must be on the same Wi-Fi network as the target device. This makes public Wi-Fi networks in places like cafés, airports, hotels or shared workspaces particularly risky. If you need to use your device in such environments, avoid casting, streaming or pairing with smart devices.
Consider using a VPN to protect against hackers snooping on your device as well. VPNs will protect you from those who want to track and identify your potential location and the websites that you visit. A reliable VPN is essential for protecting your online privacy and ensuring a secure, high-speed connection. For the best VPN software, see my expert review of the best VPNs for browsing the web privately on your Windows, Mac, Android and iOS devices.
4) Strengthen and secure your home Wi-Fi network: Make it more difficult for attackers to gain access to your home network. Use a strong, unique password for your Wi-Fi that is different from your other account credentials. Ensure that your router firmware is updated and that encryption is set to WPA2 or WPA3. Avoid older and less secure options like WEP or open networks. Turn off features like WPS, which are designed for easy setup but can also make your network more vulnerable. If possible, disable universal plug and play (UPnP) and similar features that make all devices on your network easily discoverable. Also, consider using a password manager to generate and store complex passwords. Get more details about my best expert-reviewed password managers of 2025 here.
5) Limit device permissions and exposure: Smart devices with AirPlay support often include features like microphones, auto-pairing and remote access. Review each device’s settings and disable any features you do not actively use. For example, if your smart speaker has a microphone, but you never use voice commands, turn off the microphone or cover it. The fewer functions a device has exposed, the fewer opportunities a hacker has to exploit it. If your router supports it, use device-level firewall rules to limit which services or internet connections your smart gadgets can access.
Apple likes to market itself as the go-to for privacy and security, but the AirBorne vulnerabilities show that the company’s devices are far from bulletproof. While they patched their own products, millions of third-party AirPlay devices are still wide open to attack. It’s becoming clear that Apple’s control over its ecosystem isn’t as tight as they’d like you to believe. If they really want to be the privacy leader, they need to step up and fix these issues across the board, not just when it suits them.
Do you trust Apple’s claims about privacy and security after reading this article? Let us know by writing us at Cyberguy.com/Contact.
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
