Vulnerable IoT speakers from Sonos and Bose can be hacked to scare/annoy users:
Researchers at Trend Micro have found that certain models of Sonos and Bose speakers have vulnerabilities that leave them open to hijacking, as reported by Wired. The accessible speakers are being exploited by hackers that are using them to play spooky sounds, Alexa commands, and... Rick Astley tracks.
Only a small percentage of speakers by the two companies are actually affected, including some of the Sonos Play:1, the Sonos One, and the Bose SoundTouch. All it takes is for the speaker to be connected to a misconfigured network and a simple internet scan. Once the speaker is discovered via the scan, the API it uses to talk to apps can be utilized to tell the speakers to play any audio file hosted at a specific URL. Of all the models, between 2,500 to 5,000 Sonos devices and 400 to 500 Bose devices were found by Trend Micro to be open to audio hacking.
Sonos told Wired in an email that it is "looking into this more, but what you are referencing is a misconfiguration of a user's network that impacts a very small number of customers that may have exposed their device to a public network. We do not recommend this type of set-up for our customers."
Also at TechCrunch.
(Score: 2) by frojack on Friday December 29 2017, @07:27PM (3 children)
Are there no passwords on these devices? Anyone who can see it can mess with it? When would that have EVER been a good idea?
Also, what happens to these devices with the spread of IPV6? Doesn't that put large number of things that were designed assuming they would be behind routers at risk?
No, you are mistaken. I've always had this sig.
(Score: 2) by stormreaver on Friday December 29 2017, @08:26PM (2 children)
That's a secondary question to, "who the f*** puts speakers on the Internet?!"
(Score: 1) by tftp on Friday December 29 2017, @10:55PM
(Score: 3, Insightful) by captain normal on Saturday December 30 2017, @03:03AM
Right...and the real answer is that anything connected to the internet can (and probably will be) hacked.
When life isn't going right, go left.
(Score: 2) by stretch611 on Friday December 29 2017, @09:53PM
So people stupid enough to buy internet connected speakers, aren't able to have a decent firewall, end up being forced to listen to Rick Astley.
If that doesn't teach them to stop believing marketing hype and/or have someone secure their network, I don't know what will.
Now with 5 covid vaccine shots/boosters altering my DNA :P