Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Some Internet-Exposed Sonos and Bose Speakers Can be Hacked Remotely

posted by cmn32480 on Friday December 29 2017, @07:12PM   Printer-friendly
from the sounds-like-a-problem dept.

takyon writes:

Vulnerable IoT speakers from Sonos and Bose can be hacked to scare/annoy users:

Researchers at Trend Micro have found that certain models of Sonos and Bose speakers have vulnerabilities that leave them open to hijacking, as reported by Wired. The accessible speakers are being exploited by hackers that are using them to play spooky sounds, Alexa commands, and... Rick Astley tracks.

Only a small percentage of speakers by the two companies are actually affected, including some of the Sonos Play:1, the Sonos One, and the Bose SoundTouch. All it takes is for the speaker to be connected to a misconfigured network and a simple internet scan. Once the speaker is discovered via the scan, the API it uses to talk to apps can be utilized to tell the speakers to play any audio file hosted at a specific URL. Of all the models, between 2,500 to 5,000 Sonos devices and 400 to 500 Bose devices were found by Trend Micro to be open to audio hacking.

Sonos told Wired in an email that it is "looking into this more, but what you are referencing is a misconfiguration of a user's network that impacts a very small number of customers that may have exposed their device to a public network. We do not recommend this type of set-up for our customers."

Also at TechCrunch.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Some Internet-Exposed Sonos and Bose Speakers Can be Hacked Remotely | Log In/Create an Account | Top | 5 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by stormreaver on Friday December 29 2017, @08:26PM (2 children)

    by stormreaver (5101) on Friday December 29 2017, @08:26PM (#615643)

    Are there no passwords on these devices?

    That's a secondary question to, "who the f*** puts speakers on the Internet?!"

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1) by tftp on Friday December 29 2017, @10:55PM

    by tftp (806) on Friday December 29 2017, @10:55PM (#615682) Homepage
    This is why the IoT idea is so dangerous. Those devices eagerly accept any configuration and receive from everywhere because security is very expensive: how many out of a thousand potential owners would be knowledgeable and willing to set up the thing securely and maintain that security? At work companies pay big money to the IT for these services. Nobody is going to pay at home, and nobody is going to do more than plug the thing into the wall. The devices have to configure themselves securely or reject the setup as invalid. It is possible today, but expensive in design.

  • (Score: 3, Insightful) by captain normal on Saturday December 30 2017, @03:03AM

    by captain normal (2205) on Saturday December 30 2017, @03:03AM (#615720)

    Right...and the real answer is that anything connected to the internet can (and probably will be) hacked.

    --
    When life isn't going right, go left.