AirPlay vulnerability still present in countless CarPlay cars

In April they attracted great attention: experts from the Israeli IT security company Oligo Security had found massive attack surfaces in Apple's local streaming protocol AirPlay, through which various devices can be attacked simply because the attacker is on the same Wi-Fi network. While Apple quickly resolved the problems in iOS, macOS, iPadOS and its other operating systems (including the HomePod software), manufacturers of AirPlay-enabled devices, from home entertainment gear to speakers, have been slow to follow with patches.

Some products will probably never be patched. What went largely unnoticed, however, is that CarPlay is also affected, since its wireless protocol is likewise based on AirPlay. Apple patched this too, but the software also runs in the so-called head unit in cars, and that is exactly where surprisingly few updates have appeared so far. This is described by the Oligo Security researchers Uri Katz, Avi Lumelsky and Gal Elbaz in a paper that was already published last week.

The methodology, called "Pwn My Ride", is based on the stack overflow bug with the CVE ID CVE-2025-24132. It can be exploited when a device is connected to the car's multimedia system. If various older SDKs are running (AirPlay audio before 2.7.1, AirPlay video before 3.6.0.126 and CarPlay Communication Plug-in before R18.1), then, depending on the vehicle model, even zero-click attacks without user interaction are possible. Root privileges can be obtained. This works both via Wi-Fi and via Bluetooth; the latter must then be active. It was initially unclear whether attacks are also possible over a wired connection, because there are many vehicles that do not support Wireless CarPlay. The researchers focused on the wireless scenario.
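As an added illustration (not code from Oligo Security or from the original article), the fixed-version thresholds named above can be applied to a head-unit inventory to see which units still need the update. The inventory format, the unit names and the assumption that the "R" releases order numerically are hypothetical.

```python
import re

# Fixed versions as stated in the article: anything older is affected.
FIXED = {
    "AirPlay audio": "2.7.1",
    "AirPlay video": "3.6.0.126",
    "CarPlay Communication Plug-in": "R18.1",
}

# Constructed sample inventory (hypothetical units and reported SDK versions).
INVENTORY = [
    {"unit": "HU-A", "sdk": {"AirPlay audio": "2.7.0", "CarPlay Communication Plug-in": "R18.1"}},
    {"unit": "HU-B", "sdk": {"AirPlay audio": "2.7.1", "AirPlay video": "3.6.0.126"}},
    {"unit": "HU-C", "sdk": {"CarPlay Communication Plug-in": "R17"}},
    {"unit": "HU-D", "sdk": {"AirPlay video": "unknown"}},
    {"unit": "HU-E", "sdk": {"AirPlay video": "3.6.0.13"}},  # a string compare gets this wrong
]

def parse_version(text):
    """Turn '3.6.0.126' or 'R18.1' into a tuple of ints; None if unparsable."""
    m = re.fullmatch(r"[Rr]?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_older(found, fixed):
    """Compare component-wise, padding the shorter tuple with zeros."""
    width = max(len(found), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) < pad(fixed)

def triage(unit):
    """Classify one head unit as 'affected', 'review' or 'patched'."""
    status = "patched"
    for component, reported in unit["sdk"].items():
        fixed = FIXED.get(component)
        found = parse_version(reported)
        if fixed is None or found is None:
            status = "review"  # unknown component or version: needs a manual check
        elif is_older(found, parse_version(fixed)):
            return "affected"  # one outdated SDK is enough
    return status if unit["sdk"] else "review"

if __name__ == "__main__":
    for unit in INVENTORY:
        print(unit["unit"], triage(unit))
```

Units that report no version or an unparsable one land in "review" rather than "patched", so missing data is never read as a clean result.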

Root access to the entertainment system opens up various possibilities, from manipulating the system to siphoning off data to spying. The attacker must be familiar with the vehicle's CarPlay implementation, but there are commonly used systems. For the AirPlay vulnerability in speakers, the Oligo Security researchers had shown, among other things, how they could play pranks on the devices' built-in screens; the possibilities are wide. In a demonstration video, the researchers show how they were able to place a "hacked" image on the screen of the entertainment system after joining the car's Wi-Fi hotspot. The car helps the attackers here, because the Wi-Fi password is transmitted via the iAP2 protocol.

It is now up to the car manufacturers to solve the problem. The security researchers estimate that several million vehicles on the road are still driving around unpatched. Firmware updates are often not delivered over the air (OTA), but are only possible via USB stick and/or only in the workshop. Since the cycles are often of different lengths, this can take a small eternity, if the manufacturer takes care of it at all.

“If a weak point is discovered in a widespread SDK like Apple’s AirPlay, the challenge is not only to remedy the error, but also to ensure that every provider who depends on the SDK actually implements the correction and passes it on to the end user,” writes Oligo Security. This is particularly difficult with cars. “In contrast to a smartphone or laptop that is updated overnight, the update cycles in vehicles are slow, fragmented and often require a visit to the dealer or manual installation via USB.”

