I’m all for “protocols should mandatorily be free” but then, how does Apple “guarantees authenticity” of the opposite device, to ensure it doesn’t brick it or gets bricked by it? I’m half serious, it’s always the excuse used for applying DRM to any device (even the famous orange juice presser, Juicero, now bankrupt, which only works with DRM’ed oranges, to ensure it doesn’t intoxicate the consumer), so should law also mandate that a device producer who doesn’t respect the specs is liable for the bricked iPhone?
If an improper Airplay implementation could brick an iPhone, what's to say a hacker couldn't do the same (whether or not you've opened up the protocol, because anything can be hacked)? Or even just a network screwup, or a random bitflip.
Which is to say, airplay shouldn't be capable of bricking an iPhone, and if it can, that's a critical issue which needs to be fixed.
I think a better example for AirPlay would be a third-party AirPlay server that (either maliciously or incompetently) exposes content streamed from the user's iPhone on the Internet publicly.
You could do that with an Apple TV too. The Apple TV has HDMI out—who knows where that signal is going!
Of course, the user needs to enable screen mirroring first, but they'd have to anyway. If the iPhone can be made to send a video signal over Airplay without user interaction, that's a serious vulnerability which Apple needs to address immediately.
> The Apple TV has HDMI out—who knows where that signal is going!
Sure. You could also point your webcam at your TV and then malware on your computer streams that to the public. This is all just a matter of how likely each problem is in practice.
Actually, HDMi is encrypted and only peripherals approved as receivers (i.e. not re-encoders) have the decryption key.
So they’ve tried at having a closed garden. They didn’t succeed much because they had to enable HDMi-to-VGA adapters, and VGA is not encrypted. But the resolution is lower.
But the battleground has been tested for complete lockdown of image output, and now that they have the rough idea, no doubt the next standards are going to be more and more restrictive.
> how does Apple “guarantees authenticity” of the opposite device, to ensure it doesn’t brick it or gets bricked by it?
The same way they do it with webpages, Messages, and email. JailbreakMe.com used a TIFF exploit to jailbreak your phone 10 years ago--they patched it. iOS 14 added a thing called BlastDoor to protect Messages from malicious data. I don't see how documenting it changes anything.
You actually authenticate the client? Just because, say, Apple has to document their protocols doesn’t mean they also can’t reject connects that aren’t Genuine(tm) Apple hardware with the usual bag of DRM.
