SecureMac, Inc.

Checklist 421: Strengthening AirPlay and Turning Off TV Tracking

May 2, 2025

AirPlay flaws and smart TV tracking expose user privacy risks—learn how to secure your devices and limit data collection.

Strengthening AirPlay and Turning Off TV Tracking written in red

Checklist 421: Strengthening AirPlay and Turning Off TV Tracking

Vulnerabilities in Apple’s AirPlay Threaten Millions of Devices: What You Need to Know

A newly revealed set of security flaws dubbed “AirBorne by cybersecurity firm Oligo could jeopardize millions of AirPlay-enabled devices—including smart TVs, speakers, streaming sticks, and even connected vehicles. Though not a direct fault of Apple, the vulnerabilities stem from the company’s AirPlay software development kit (SDK) used by third-party manufacturers.

What Is AirBorne?

The AirBorne vulnerabilities were detailed in a report from WIRED and stem from flaws in the AirPlay SDK used in third-party devices that support Apple’s streaming protocol. The exploits allow a hacker—on the same Wi-Fi network—to hijack devices, maintain stealthy control, add them to botnets, or even turn microphones into spying tools.

“If a hacker can get onto the same Wi-Fi network […] they can surreptitiously take over these gadgets,” the Wired article notes.

The vulnerabilities don’t stop at living room tech: CarPlay, Apple’s interface for vehicles, is also affected. Attackers could theoretically take over the head units of more than 800 vehicle models, though they would need a Bluetooth or USB pairing to do so.

Apple Responds—Patch Early, Patch Often

Apple has already patched its own devices and worked with Oligo to distribute fixes for third-party hardware. However, the real problem lies in the slow and inconsistent update cycles for non-Apple manufacturers.

Oligo’s CTO estimates tens of millions of third-party AirPlay-enabled devices could be affected—many of which may never be patched.

Apple stated that it has created patches for impacted third-party vendors, but whether those updates are applied depends on the device mabnufacturers and end-users.

What You Should Do Now

Before reaching for a hammer or blowtorch, users are urged to take practical cybersecurity steps:

Update Your Devices

  • Check for firmware updates from the device’s manufacturer website.
  • Enable automatic updates if available.
  • If the manufacturer is defunct or unresponsive, consider retiring the device.

Secure Your Network

  • Rename your home Wi-Fi network
  • Disable network name broadcasting
  • Use WPA3 or at least WPA2 encryption
  • Keep your router firmware updated
  • Use a strong, unique password
  • Enable firewalls
  • Use a VPN when on public networks

Proof of Concept (But No Malware Yet)

Oligo did not release malware, but it demonstrated the vulnerability by taking over a third-party AirPlay speaker to display the AirBorne logo. The brand was left unnamed, emphasizing that many brands could be vulnerable.

Your Smart TV and Streaming Devices Are Still Watching You — Here’s What You Can Do

Despite paying for your smart TVs and streaming devices, many of them are still tracking your habits, collecting data, and potentially selling it to third parties, according to a recent report from ZDNet. The era of “if you’re not paying, you’re the product” has shifted — now, you pay and remain the product unless you take steps to change that.

Why Are Streaming Devices Tracking You?

In a word: money.

Smart TVs and streaming devices are embedded with tracking software that monitors viewing preferences, ad engagement, and even voice activity, allowing manufacturers and service providers to:

  • Personalize content recommendations
  • Serve targeted advertisements
  • Sell user data to third parties

Although some data collection is necessary for features like streaming synchronization or recommendation engines, much of it is optional — and disabling it can improve your privacy and peace of mind.

6 Ways to Lock Down Streaming Privacy

ZDNet outlines six practical privacy measures to reduce how much your smart devices know about you. Here’s a summary:

1. Adjust Privacy Settings

Go to Settings on your device or TV and disable tracking features you’re not comfortable with. Most devices have options for limiting data collection, though they may be buried in submenus.

2. Limit or Opt-Out of Ad Tracking

Some devices let you limit tracking, while others let you fully opt out of personalized ads. These options either reduce data collection or make ads less specific to your viewing habits.

3. Use a VPN

  • Masks your IP address
  • Encrypts traffic
  • Makes it harder for services to track you
  • Offers access to geo-restricted content on platforms like Netflix

4. Be Cautious with Voice Commands

Many smart devices record and store voice commands. If that concerns you, consider disabling voice features or limiting their use.

5. Disconnect When Not in Use

If you’re very privacy-conscious, consider disconnecting your streaming device from Wi-Fi when it’s not in use. This prevents background data collection.

6. Apply These Tips to Your TV Too

Even if you use a streaming stick or box, smart TVs themselves often have tracking features. Dig into the TV’s own settings to disable data collection and manage voice controls.

The Software Update Dilemma

One real-world reflection from the podcast: if you disconnect your smart TV or streaming box from the internet to prevent tracking, how will you receive important security or firmware updates?

Users are encouraged to:

  • Reconnect periodically for updates
  • Set reminders to check for firmware patches
  • Decide on the balance between privacy and functionality

Device-Specific Privacy Tips

ZDNet’s guide includes step-by-step privacy instructions for:

  • Apple TV
  • Google Chromecast
  • Roku Streaming Stick
  • Amazon Fire TV Stick

Filed under Security News, The Checklist Podcast by SecureMac

Latest Security News

Get the latest security news and deals