Cybersecurity researchers have revealed details about a new remote hack on Apple CarPlay that could allow attackers to spy on drivers or distract them while they're on the road.
The attack, discovered by the firm Oligo, exploits a critical flaw in Apple's AirPlay wireless protocol and can be carried out wirelessly over either Wi-Fi or Bluetooth. Oligo found that it targets a communication protocol used by CarPlay that authenticates only the phone, not the vehicle's infotainment system. This creates a weakness that allows an attacker to impersonate a legitimate iPhone.
Once an attacker has access, they can use the flaw to gain full control of the system. This allows them to take over the car's screen to display distracting images or play audio. They could also eavesdrop on conversations inside the vehicle or track its location.
While Apple patched the core vulnerability in late April, very few car manufacturers have integrated the fix into their products. The process of adapting and testing the patch for each vehicle is complicated and time-consuming, leaving millions of vehicles exposed to the attack. According to Oligo, this creates a "long tail of exposure" where many cars may never get the update at all, even after an official fix exists.