I’ve never used Apple Airplay before. I have an AppleTV that was free for paying for a 3 month subscription with DirecTV Now. But I hadn’t intentionally fired it up since cancelling that subscription. This week I bought a new TV. While watching The Dark Knight on Netflix, suddenly the TV changes inputs to the ...
Continue reading ‘Airplay Annoyance’ »
The post Airplay Annoyance appeared first on Roger's Information Security Blog.
I’ve never used Apple Airplay before. I have an AppleTV that was free for paying for a 3 month subscription with DirecTV Now. But I hadn’t intentionally fired it up since cancelling that subscription.
This week I bought a new TV. While watching The Dark Knight on Netflix, suddenly the TV changes inputs to the AppleTV and Katherines Ipad is requesting to perform remote control, and a PIN is displayed to be typed into the iPad.
Generally, I like to think I have a tight reign on my computer devices, but Apple has snuck this one up on me.
Apparently by default, via Bluetooth, my neighbors can connect to my AppleTV. I’m guessing that with my old TV this would occur, and I just wouldn’t notice the AppleTV turn on, but the new TV is smart enough to switch to the new input. So essentially Apple and Samsung have conspired to have my neighbor denial of service my movie watching.
First steps
- Make sure the apple TV is on my wifi. Pretty sure the neighbor hasn’t guessed my 100+ character pre-shared key.
- Disable Bluetooth. Of course my generation of AppleTV cant do that.
- change the name of the AppleTV. If everyone in the neighborhood is named the default “AppleTV”, no wonder people are accidentally clicking on the wrong device. On my AppleTV, this was under Settings -> General -> About. On newer models it is found under Settings -> Airplay.
- Under Settings -> Airplay -> Airplay, set Allow Access to “Anyone on the same network”. The default is “everyone”. I guess “it just works” trumps security. Unfortunately I cant find good documentation if bluetooth users are considered on the same network.
Set “Also Allow Nearby to Airplay” to off. Again, having trouble finding description of this setting. But it seems safe.
Enable requiring a password for airplay.I then turned off wifi on my phone, and verified that no airplay devices were visible over Bluetooth
And now that I”m looking further it seems my new Samsung is in perpetual discovery mode. So any rando nearby can request to pair, and on the TV, I’ll be prompted to allow, deny or close. Haven’t found a way to disable that yet. Lovely.
The post Airplay Annoyance appeared first on Roger's Information Security Blog.
Source: RogersInformatoionsecurity
Source Link: https://www.infosecblog.org/2018/08/airplay-annoyance/