Thousands of Sonos and Bose Speakers Vulnerable to Targeted Attacks and Data Leaks
Internet connected devices are all the rage these days. Did you receive any smart speakers over the past weekend? Make sure they aren’t being hijacked by hackers. Security researchers have revealed that some models of Sonos and Bose speakers can be used by hackers to play tricks on you – or worse, use them to make your smart assistants execute commands.
“The unfortunate reality is that these devices assume the network they’re sitting on is trusted, and we all should know better than that at this point,” Mark Nunnikhoven of Trend Micro said. “Anyone can go in and start controlling your speaker sounds.” These speakers assume that any device on the same network can be trusted to send them audio without any authentication. Attackers can also use security gaps that “resulted from a simple open port” giving anyone on the internet access to the device and user information, researchers wrote.
The first glaring finding was access to email addresses that are linked to music streaming services synced with the device. Another was access to a list of devices as well as shared folders that were on the same network as the test device. We also got BSSID information that, paired with an existing API that queries specific BSSIDs, gave us the approximate location of access points used by the test unit. And lastly, we were able to see the device’s activities, such as current songs being played, control the device remotely, as well as play music through URI paths.
Using simple scanning tools like Shodan, hackers can spot these exposed speakers, access them, and send them their own commands. During their research, they spotted between 2,000 and 5,000 Sonos speakers and between 400 to 500 Bose devices. Trend Micro researchers said the impacted models also include the latest Sonos One and Bose SoundTouch systems.
While the speakers themselves can only be used to play music (or weird sounds late at night…) of the hacker’s choice, researchers warn that this access could also be used to speak commands to Amazon Echo or Google Home if they are placed close to the speakers. Since home assistants have access to several other internet connected devices, including door locks, this could pose serious security concerns to people who have turned their place into an internet connected, smart home. “Now I can start to run through more devious scenarios and really start to access the smart devices in your home,” security researcher said.
The security concern doesn’t seem to be critical at the moment as this access would mostly be used for pranks – and it appears that’s already the case. “Please can someone help ! I’ve had my sonos system for 7 months and love it however a couple of nights ago the speaker in my hall started making really weird sounds, like a door opening, then half an hour later a baby started to cry from the speaker randomly for the rest of the evening,” one user complained on Sonos forum nearly a year ago.
Last night I was going to bed then I heard my speaker in my bedroom produce a sound like a plate or glass breaking followed by the crying baby sound – it was really loud! It’s starting to freak me out and I don’t know how to stop it. It seems to only happen at night and is totally random !
Sonos has pushed an update to reduce what user information can be leaked through its speakers, however, Bose is yet to respond to these concerns. Both the companies’ affected models remain vulnerable to the audio API attack when these speakers are left exposed on the internet.