People across the internet have been sounding the alarm about potential security risks connected to an iPhone setting that you may not have noticed. And experts in cybersecurity think it’s worth taking a look.
Earlier this year, several social media users on TikTok and Instagram took to the internet to warn others about the Airplay settings on their iPhones. One viral TikTok post warned iPhone users to make sure their Airplay settings were not set to “Automatic.”
This setting can be accessed on an iPhone by going to: Settings > General > Airplay & Continuity > Automatically Airplay. Under “Automatically Airplay,” Apple offers iPhone users the option to choose between “Never,” “Ask” or “Automatic.”
Organic Media via Getty Images
The viral post claimed that having “Automatic” selected makes users more vulnerable to hackers who have the ability get all of the information on their phone “in a matter of seconds” — as long as the hacker’s phone is right next to the user’s phone.
Many people replied to the TikTok post expressing concerns about the setting, with some noting that their Airplay setting was unknowingly set to “Automatic.”
Apple did not immediately return a request for comment.
Kevin Tackett, CEO of security consulting company Secure Ideas, told HuffPost that as it relates to concerns about the “Automatically Airplay” setting, it’s important to note that “any ‘additional’ connectivity is a risk.”
“So yes having this on when you don’t need it is a bigger issue than not having it on,” he said.
But Tackett said that statements that a hacker could simply steal all of an iPhone user’s information because they had Airplay turned on is “an exaggeration.”
“There have been flaws that allowed for additional access, such as the Airborne flaw from last year, that would give access through further exploitation, but simply having the setting on does not give the attacker this level of access,” he said.
Tackett was referencing a collection of bugs and vulnerabilities that researchers discovered with Apple and devices that support Airplay last year. Apple told Wired last April it had collaborated with researchers to address the issues and to push out security updates.
Dave Chronister, CEO of Parameter Security, told HuffPost that while vulnerabilities with Apple and Airplay devices were addressed last year, the concerns highlighted why “automatic connections, while convenient, can be a very bad idea.”
“If I as a hacker wanted to exploit this, I could set up a device that would broadcast AirPlay. If a vulnerable system connects, I can send the exploit code, and without any user interaction, their device would be compromised,” he said. “Depending on the vulnerability, it may also give me access to almost anything on the device. Any device that is set to accept airplay from ‘the same network’ or ‘everyone’ could be at risk.”
Here’s what experts want you to do about some of the connectivity settings on your iPhone.
It’s important to first understand how software updates factor into security concerns with your iPhone. Chronister emphasized that while most updates fix security issues, like last year’s AirPlay vulnerabilities, iOS updates can change certain settings to “Automatic.” Airplay is a “network protocol and can be vulnerable to a weakness known as a ‘worm,’” he explained.
“While that same update ensures that you are patched for AirBorne vulnerabilities, it has now set up a situation where a future worm is discovered in AirPlay,” he said. “Now all the systems that are set to automatic become especially vulnerable to future exploitation.”
He added, “It is important to understand that automatic enablement of settings and services is something that most operating systems companies do to showcase new features. It is the classic war between functionality and security.”
Tackett said that for years Apple has pushed updates, “which reset the configurations to the defaults which are less secure than the settings the user has had.”
He said those in the cybersecurity community have long been warning users that they need to check their phone’s privacy and security settings after every update.
“Of course, we have also been yelling at Apple and other vendors to stop doing this,” he said. “It makes zero security sense to reset these configurations. The only reason that Apple and others do it is to make their support easier for new features.”
Tackett said that overall, it’s best to turn off any setting you don’t need.
“Connectivity is dangerous to some level, no matter the type of connectivity,” he said. “So if you aren’t using it, turn it off. If you are using it, turn on only the aspects you need.”
And when it comes to Airplay, Tackett recommends that if you want to use the feature, then set it to “Ask.”
“That way you have the feature, but it is more secure than the default,” he said.
Chronister advises that it’s a good practice to keep an eye on your phone’s connectivity settings. “If you do not use a protocol like AirPlay, turn it off. For Bluetooth and WiFi, make sure you know and trust the networks and devices you are connecting to,” he said.
The original version of this story was published on HuffPost at an earlier date.
