Another day, another IoT flaw – Sonos and Bose Smart Speakers Vulnerable to be Hacked Remotely to Play Sounds of Hackers’ Choice.
With smart technology, it is very important to remain alert and aware enough about security loopholes otherwise you can prepare yourself for dire consequences. According to security experts at Trend Micro, some of the popular smart wireless speakers can be hijacked to play the sound of attackers’ choice and attackers can even control the default voice-activated assistant.
Researchers claim that some models of smart wireless speakers made by Sonos and Bose such as the latest Sonos Play:1, Sonos One and Bose SoundTouch systems, are vulnerable to be hijacked and exploited by hackers. Hackers can easily play any audio file that they choose to simply by exploiting the poorly configured network provided that they have access to that network. This is quite a dreadful discovery because it means thousands of speakers are currently prone to hijacking.
Trend Micro’s research director Mark Nunnikhoven states that these smart speakers can be controlled just because of a ‘carelessly configured network’ or lack of appropriate security. “The unfortunate reality is that these devices assume the network they’re sitting on is trusted, and we all should know better than that at this point anyone can go in and start controlling your speaker sounds.”
Reportedly, around 2,000 to 5,000 Sonos speakers and 400 to 500 Bose speakers are identified to be vulnerable to hijacking. Trend Micro researchers utilized popular network testing tools to arrive at this conclusion; however, it is suspected that the actual, potential number of vulnerable devices might be higher than this.
This revelation from Trend Micro [PDF] is not surprising at all since a Sonos customer had reported earlier this year that her speaker played strange sounds every now and then such as of crying babies or breaking glass. Sometimes the speaker also played creepy, ghostly sounds.
Researchers noted that the vulnerable models can be discovered by attackers and hackers easily using basic internet scans such as Shodan and NMap while they can access these devices remotely to play any audio they want to. The compromised devices would allow any device connected to the same wireless network to access the APIs that are used to communicate with apps like Pandora or Spotify without user authentication.
Furthermore, researchers believe that the exploit would definitely be used to connect to nearby smart speakers like Google Home and Amazon Echo in order to control other smart features like smart lights, temperature controls and/or smart locks. Sensitive information like the IDs of other devices connected to the wireless network and their IP addresses can be obtained by hackers and targeted spear-phishing attacks can be launched to get more information.
As researchers noted: “If an attacker finds out what type of music or even an artist the user liked, it may provide an avenue for an attack. For example, the attacker could craft a spear-phishing email leveraging social engineering or promising tickets to an upcoming gig of the target’s favorite artist.”
Sonos and Bose both firms have been informed by Trend Micro regarding the identified security flaws. Sonos responded by stating that the issue is caused by ‘misconfiguration of a network’ and it impacts just a fraction of their customers, who have connected or exposed their devices to public networks.
“In the near term, anyone concerned about this issue should ensure their Sonos system is set-up on their secured internal network,” stated Sonos in an email.
Watch hackers demonstrating the attack:
Read more on Trend Micro [PDF].