Hackers can remotely control thousands of Sonos and Bose speakers

Pierluigi Paganini January 01, 2018

Security experts at Trend Micro have demonstrated that certain models of Sonos and Bose speakers are affected by vulnerabilities that could allow attackers to hijack them.

Hackers can trigger the flaws to access the speakers and use them to play spooky sounds or to issue Alexa commands.

Only specific models from the two companies are affected by the issues, including the Sonos One and the Bose SoundTouch.

Attackers scan the Internet for vulnerable devices; once they discover flawed speakers, they can use the API to instruct them to play any audio file hosted at a specific URL.

“The impacted models allow any device on the same network to access the APIs they use to interface with apps like Spotify or Pandora without any sort of authentication,” reads the post published by Wired. “Tapping into that API, the researchers could simply ask the speakers to play an audio file hosted at any URL they chose, and the speakers would obey.”


The experts at Trend Micro have found between 2,500 and 5,000 Sonos devices and between 400 and 500 Bose devices open to audio hacking.

The attacks are more frightening in scenarios in which those voice assistant devices control smart home features such as door locks, air conditioners, and lighting.

“Whereas previous studies focused on seizing control of speakers like the Amazon Echo and Google Home, the results of our case study led to unique findings. These include security gaps that resulted from a simple open port that gave anyone on the internet access to the device and user information,” reads the post published by Trend Micro. “The first glaring finding was access to email addresses that are linked to music streaming services synced with the device. Another was access to a list of devices as well as shared folders that were on the same network as the test device.”

In testing devices running an older version of Sonos software, the researchers demonstrated that they leak detailed information, like the IP addresses and device IDs of gadgets that had connected to the speakers.

The attacks theorized by Trend Micro have already been reported in the wild: one Sonos customer earlier this year reported that her speaker started playing strange sounds.

Trend Micro shared its findings with Sonos, which quickly fixed the issues, including a denial-of-service (DoS) bug, while Bose still hasn't replied.

The full report including the attack scenarios is available at the following link:

The Sound of a Targeted Attack.



Pierluigi Paganini

(Security Affairs – speakers, IoT)
