Stories
Slash Boxes
Comments

SoylentNews is people

Submission Preview

Link to Story

Some Internet-Exposed Sonos and Bose Speakers Can be Hacked Remotely

Accepted submission by takyon at 2017-12-28 22:34:20
News

Vulnerable IoT speakers from Sonos and Bose [theverge.com] can be hacked to scare/annoy users:

Researchers at Trend Micro have found that certain models of Sonos and Bose speakers have vulnerabilities that leave them open to hijacking, as reported by Wired [wired.com]. The accessible speakers are being exploited by hackers that are using them to play spooky sounds, Alexa commands, and... Rick Astley tracks.

Only a small percentage of speakers by the two companies are actually affected, including some of the Sonos Play:1, the Sonos One, and the Bose SoundTouch. All it takes is for the speaker to be connected to a misconfigured network and a simple internet scan. Once the speaker is discovered via the scan, the API it uses to talk to apps can be utilized to tell the speakers to play any audio file hosted at a specific URL. Of all the models, between 2,500 to 5,000 Sonos devices and 400 to 500 Bose devices were found by Trend Micro to be open to audio hacking.

Sonos told Wired in an email that it is "looking into this more, but what you are referencing is a misconfiguration of a user's network that impacts a very small number of customers that may have exposed their device to a public network. We do not recommend this type of set-up for our customers."

Also at TechCrunch [techcrunch.com].


Original Submission