Cybersecurity company Trend Micro has found that models from Sonos, including the Sonos One and Sonos Play:1, as well as some Bose SoundTouch speakers, can be found relatively easily by remote attackers. Trend Micro found that between 2,000 and 5,000 Sonos devices could be found online, depending on the time of day, while 400 to 500 Bose systems could be found. Once the speaker is found, an attacker can play any audio of their choice through the speaker without much work.
While playing audio doesn’t sound like much of a threat — especially when compared to your smart home devices being made part of a botnet — it isn’t as innocuous as it sounds. Attackers could, for example, use a compromised speaker to play Alexa or Google Home commands. With our homes increasingly hosting these types of devices, and in the case of the Sonos One, having Alexa built in, this could give an attacker free reign over your smart devices.
Despite the potential consequences that this vulnerability could lead to, for the time being, there don’t seem to be reports of much beyond simple pranks. Earlier this year, a post by a Sonos owner on the company’s community forum complained of a series of spooky sounds emanating from their speaker — first the sound of a door opening, then glass breaking, then a baby crying. Eventually the customer pulled the plug to stop the sound.
Fortunately, this shouldn’t pose a problem for the average Sonos or Bose owner. Most home networks are secure enough to prevent the access needed for this type of attack. If, on the other hand, you’re running a game server or allowing other types of access to your home network from the internet, you might want to tighten up your security settings.
Sonos has issued a patch aimed at fixing this issue, and while Bose has yet to comment on the issue, it’s likely that a similar fix is on the way.
