Why The Wireless Speaker Hack Story Is A Non Story
There’s a story that is making the rounds from Wired that will be of interest to those who own Bose or Sonos wireless speakers:
Researchers at Trend Micro have found that some models of Sonos and Bose speakers—including the Sonos Play:1, the newer Sonos One, and Bose SoundTouch systems—can be pinpointed online with simple internet scans, accessed remotely, and then commandeered with straightforward tricks to play any audio file that a hacker chooses. Only a small fraction of the total number of Bose and Sonos speakers were found to be accessible in their scans. But the researchers warn that anyone with a compromised device on their home network, or who has opened up their network to provide direct access to a server they’re running to the external internet—say, to host a game server or share files—has potentially left their fancy speakers vulnerable to an epic aural prank.
While this isn’t epic pwnage on the scale of an Equifax or something, this sounds pretty dire. Speakers that can be pwned from the Internet? Scary, right?
Actually no.
The problem with this story is this. Here is the key point:
But the researchers warn that anyone with a compromised device on their home network, or who has opened up their network to provide direct access to a server they’re running to the external internet—say, to host a game server or share files—has potentially left their fancy speakers vulnerable to an epic aural prank.
So, part of the way to pull off this hack is to have your network exposed to the Internet in whole (which would be dumb) or in part (which would be a questionable idea at best). While there are likely things that both Sonos and Bose can do to tighten things up when it comes to their wireless speakers, they are not the problem here. Besides, having a network that is open in whole or in part to the outside world potentially exposes everything on that network to pwnage. Thus this isn’t a story about a vulnerability in wireless speakers. It’s a story about people doing dumb things when it comes to network security. That’s why this story is a non story.
Bottom line: Nothing to see here. Move along.
This entry was posted on December 28, 2017 at 1:15 pm and is filed under Commentary with tags Bose, Security, Sonos.