Serious AirPlay gap: Users demand firmware update for old AirPort routers

Following the discovery of serious security vulnerabilities in the local streaming protocol AirPlay, users are calling on Apple to patch older devices too. The company has provided current products such as Macs, iPhones, iPads and Apple TV with corresponding updates in recent months, but not the AirPort series Wi-Fi routers, which were officially discontinued in 2018. This may be understandable due to their age, but the devices are still in use by some users due to their stability. Apple had also already patched the devices after the series was discontinued.

Old devices, still popular

A group led by developer Gary Longsine has now started a petition on Change.org to ask Apple for an update. This would be good for both security and the environment. Specifically, it is mainly about AirPort Express. The hardware was last updated in 2012 and is specifically designed to connect audio devices – and offers access to AirPlay 2.

"Although the Airport and Airport Express devices were discontinued in 2018, they are still powerful, robust and durable. Many of them are still in use," writes Longsine. For example, there is still a lively trade on eBay. In addition to the pure WLAN function and the AirPlay 2 feature on the Express models, the devices can also be used to integrate USB printers into the local network. Longsine also emphasizes Apple's commitment to the environment, which includes long-term support. "I urge Apple to reconsider the issue of firmware updates for Airport and Airport Express and to look into the possibility of releasing security patches for these devices."

Numerous unpatched devices

Due to the so-called AirBorne gap, unpatched AirPlay devices – such as AirPort Express – can actually no longer be used, as they are comparatively easy to take over. This also affects various speakers, televisions and other entertainment devices for which there will probably be no more patches.

As long as an attacker manages to access the respective WLAN, they can take over AirPlay devices and use them for further attacks, according to the discoverers of the vulnerability. As microphones are sometimes also integrated into such accessories, eavesdropping attacks are at least conceivable, according to the security company Oligo. Longsine's petition currently has almost 300 signatories.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(bsc)