Archive for Sonos

Why Is Sonos Still Using SMBv1 In Its Products? [UPDATED]

Posted in Commentary on June 11, 2018 by itnerd

Recently I got called in to a client’s home to troubleshoot an issue with their Sonos speaker setup. The core issue was that the client was unable to play the music from her Windows 10 PC on the Sonos speaker that she had in the home. When I investigated this, I fired up Sonos Controller for Windows 10, then I did the following:

  1. Go to Manage
  2. Go to Music library settings
  3. Click Add
  4. Choose My music folder

When I did that, I got an error saying that “The computer <Insert Computer Name Here> Is Not Responding.” So what I read from that was that if the computer “wasn’t responding” there was no way for it to send music to the speaker. That was weird because the music library was local to the computer that she was using, so there should be no way I should be seeing that message.

I spent about 30 minutes troubleshooting this and found something that I found to be very weird and scary at the same time. The Sonos software for Windows 10 requires that the SMBv1 protocol be turned on for it to use the music on that PC. It was off in her case. More on how to fix that in a moment.

Here’s the problem with using SMBv1. This protocol has been implicated in a variety of exploits and cyberattacks including the one that rocked the world not too long ago. Microsoft considers this to be enough of a threat that they have been turning off SMBv1 by default when you install any of their Windows 10 feature updates starting with the Fall Creators Update. And they have been warning users about the evils of the protocol as well since late last summer.

So why is Sonos using a protocol that is clearly so insecure that Microsoft who created the protocol in question is not only ditching the protocol, but is even naming and shaming Sonos and other companies that are still using it? That’s a good question. The closest thing to an answer that I have found are some extremely vague promises for SMBv2 or SMBv3 support from Sonos. But no hard and fast timelines for that support. That’s just craptastic on the part of Sonos as clearly they need to do something on this front because you know that the next cyberattack that leverages SMBv1 is coming, and it would look really bad for Sonos to be the attack vector of that attack because they couldn’t pony up support for a protocol that Microsoft says that they shouldn’t be using.

Now back to how to fix this issue with Sonos Controller on Windows 10. If you understand that you are taking a bit of a risk with having SMBv1 turned on, here’s what you need to do:

  1. Open the Windows Control Panel
  2. Go to Programs and Features
  3. Go to Turn Windows Features on or off
  4. Select SMB 1.0/CIFS File Sharing Support
  5. Reboot your Windows machine.

That should make everything work again. But, like I said, there is a risk associated with this as the next cyberattack that uses this attack vector can pwn your computer. Plus it is entirely likely that future feature updates from Microsoft will turn SMBv1 off (which would require you to go through the above steps to turn it back on), or remove SMBv1 entirely.
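To see what enabling that feature actually exposes, the following PowerShell audit (an added example, not part of the original post) reports the SMBv1 feature and server state on the PC, turns on SMBv1 access auditing, and lists which devices still connect with SMBv1. It uses built-in Windows cmdlets and assumes an elevated PowerShell session on Windows 10.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 exposure on a Windows 10 PC.

# 1. State of the optional features behind "SMB 1.0/CIFS File Sharing Support".
#    Recent Windows 10 builds split it into separate client and server features.
Get-WindowsOptionalFeature -Online |
    Where-Object FeatureName -like 'SMB1Protocol*' |
    Select-Object FeatureName, State |
    Format-Table -AutoSize

# 2. Whether the SMB server on this PC will negotiate SMBv1 and SMBv2+,
#    and whether SMBv1 access auditing is already on.
$server = Get-SmbServerConfiguration |
    Select-Object EnableSMB1Protocol, EnableSMB2Protocol, AuditSmb1Access
$server | Format-List

# 3. If SMBv1 is enabled, log every client that uses it to reach this PC.
if ($server.EnableSMB1Protocol -and -not $server.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Output 'SMBv1 access auditing enabled.'
}

# 4. Show the most recent SMBv1 connections (event ID 3000). The message
#    text includes the client address, which identifies the device.
$filter = @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000 }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if ($events) {
    $events |
        Sort-Object TimeCreated -Descending |
        Select-Object -First 20 TimeCreated, Message |
        Format-List
} else {
    Write-Output 'No SMBv1 client access has been logged yet.'
}

# 5. Once nothing in the audit log depends on SMBv1, turn it back off:
# Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
```

Leave auditing on for a few days of normal use before reading the log; if the only SMBv1 client address that appears belongs to the speaker, that is the one device keeping the protocol enabled.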

Sonos really needs to address this issue sooner rather than later. Users should not ever have to run an insecure protocol just to use their products. So I am asking Sonos, will you fix this issue so that users of your products are secure? If so, when will you do it? No vague promises. Your users deserve a hard and fast date for this. Because Microsoft announced the deprecation of this protocol last year. Which means you truly have no excuse for not being on the ball when it comes to this. So when are Sonos users going to see some action on this front with an updated version of Sonos Controller that does not use SMBv1?

UPDATE: Apparently Sonos now has no choice but to fix this as soon as possible as the Windows 10 April 2018 Update not only turns SMBv1 off, but according to threads on Microsoft’s discussion forums like this one, you can’t turn it back on. Which means that any Sonos user who updates to April 2018 could be left unable to play music on their really expensive wireless speakers. It’s not clear if this is a bug or a deliberate attempt by Microsoft to force their users to stop using SMBv1. But I am leaning towards a bit from the former and a bit from the latter as a couple of Knowledge Base articles on the subject exist. Specifically KB4103721 and KB4100403. Both warn of a problem running programs from a shared folder via SMBv1. Both suggest that the workaround until a fix is available is to stop using SMBv1. Which again is a non starter for Sonos users who want to stream their music libraries from their Windows 10 computers.

Over to you Sonos.

 


Sonos Announces Sonos Beam & AirPlay 2 Support

Posted in Commentary on June 6, 2018 by itnerd

Today, Sonos introduced Sonos Beam, the most versatile smart speaker for the living room, delivering incredible sound for virtually any streaming content and support for 80+ music services, support for Amazon Alexa at launch, and multiple voice assistants over time.

The $399 USD Sonos Beam will ship globally starting July 17 and is available for pre-order today on www.sonos.com.

With Beam, Sonos has combined three products into one – a Sonos smart speaker featuring Amazon Alexa, a sound bar that packs more than enough punch for most rooms, and the one device you need for all your music and streaming content in the living room. Like all Sonos speakers, Beam is part of the Sonos home sound system, meaning owners can easily integrate Beam into existing multi-room set-ups.

Sonos also announced that AirPlay 2 will be available on Sonos in July via a free software update. With AirPlay 2, you can play music and podcasts from your iOS devices directly on your Sonos speakers, including the new Sonos Beam, Sonos One, Playbase, and the second generation Play:5. With a single supported speaker, AirPlay content can be streamed to other Sonos speakers in the system. Customers also gain a new voice experience with the addition of Siri to start a track from Apple Music and play in any room on Sonos.

 

Sonos Introduces Speaker Sets

Posted in Commentary on May 28, 2018 by itnerd

There are a lot of things you wouldn’t have just one of: socks, friends, potato chips. They’re always better when you have more than one. This is true of Sonos speakers too. The real magic happens when you live with it in more than one room. But there are still a lot of people who are only listening on one speaker, in one room.

There will be 8 different sets ranging from two to four room sets with Sonos Ones and home theater sets with Playbase and Playbar. Speaker sets start at $469.

Starter sets for your whole home:

  • 2 Sonos Ones: $469 (vs. $498 separately)
  • 3 Sonos Ones: $679 (vs. $747 separately)
  • 4 Sonos Ones: $899 (vs. $996 separately)
  • 2 Sonos Play:5: $1,169 (vs. $1,298 separately)

Home theater:

  • 3.1 set-up: $1,649 (vs. $1,798 separately)
  • 5.1 set-up: $2,118 (vs. $2,296 separately)

For more information go to sonos.com

Sonos Decides To #DeleteFacebook By Suspending Ads On Facebook Among Other Places

Posted in Commentary on March 23, 2018 by itnerd

A few minutes ago, I got a statement from Sonos which I will reprint below:

At Sonos, we believe all people have the right to know how their data is being collected and used, and that each of us has an obligation to honor the commitments we make to our customer’s privacy.  In response to the recent revelations about Cambridge Analytica and Facebook, we’ve decided to temporarily suspend all of our digital advertising on Facebook, Instagram, Google, YouTube and Twitter. We will also go dark on our Facebook and Instagram social accounts next week in solidarity with those seeking to build a healthier, more consumer-friendly tech ecosystem.

Instead, we’ll be contributing additional support to our Listen Better grantee Access Now for RightsCon, one of the only forums where tech companies engage directly with activists on equal terms, enabling solutions that can help forge a healthier technology ecosystem that works for everyone.

We think it’s important for those involved in creating tech to listen to the voices of those that are impacted by it, including the most marginalized, such as human rights defenders, LGBT people, and people of color. RightsCon is a forum that enables exactly that type of listening—and ultimately, action.

You can learn more about what we’re doing on our blog. Visit here: http://blog.sonos.com/en/facebook-internet-privacy/

Now, I called this an ad suspension. But it’s much deeper than that quite clearly as Sonos is sending a message here that I hope the companies that are mentioned above are paying attention to. Particularly Facebook as clearly the fallout from the Facebook data leak is very different than any other issue the platform has had to face. And requires immediate, sustained and transparent action to fix.

Why The Wireless Speaker Hack Story Is A Non Story

Posted in Commentary on December 28, 2017 by itnerd

There’s a story that is making the rounds from Wired that will be of interest to those who own Bose or Sonos wireless speakers:

Researchers at Trend Micro have found that some models of Sonos and Bose speakers—including the Sonos Play:1, the newer Sonos One, and Bose SoundTouch systems—can be pinpointed online with simple internet scans, accessed remotely, and then commandeered with straightforward tricks to play any audio file that a hacker chooses. Only a small fraction of the total number of Bose and Sonos speakers were found to be accessible in their scans. But the researchers warn that anyone with a compromised device on their home network, or who has opened up their network to provide direct access to a server they’re running to the external internet—say, to host a game server or share files—has potentially left their fancy speakers vulnerable to an epic aural prank.

While this isn’t epic pwnage on the scale of an Equifax or something, this sounds pretty dire. Speakers that can be pwned from the Internet? Scary right?

Actually no.

The problem with this story is this. The key point is in red:

But the researchers warn that anyone with a compromised device on their home network, or who has opened up their network to provide direct access to a server they’re running to the external internet—say, to host a game server or share files—has potentially left their fancy speakers vulnerable to an epic aural prank.

So, part of the way to pull off this hack is to have your network in whole (which would be dumb) or in part (which would be a questionable idea at best) to be exposed to the Internet. While there are likely things that both Sonos and Bose can do to tighten things up when it comes to their wireless speakers, they are not the problem here. Besides, having a network that is open in whole or in part to the outside world potentially exposes everything on that network to pwnage. Thus this isn’t a story about a vulnerability in wireless speakers. It’s a story about people doing dumb things when it comes to network security. That’s why this story is a non story.

Bottom line: Nothing to see here. Move along.

Sonos Introduces Playlist Potluck With Spotify

Posted in Commentary on November 17, 2016 by itnerd

Sonos is introducing Playlist Potluck – a partnership with Spotify that encourages people to invite guests to RSVP to their holiday parties with a list of music suggestions. The role of music at these gatherings is essential so we’re taking the stress out of having to compile a playlist. And once the party is in full swing, guests can easily add to the queue with the Sonos app or directly through Spotify. And anyone who registers their event Playlist gets a chance to win a dinner for 10 with a renowned Canadian chef. Canada is one of eight countries participating in Playlist Potluck.

In support of Playlist Potluck, Sonos conducted a holiday study that delves into hosting, holiday gatherings and music.  Call it what you want – Friendsgiving, Friendsmas, or Friendsmakah – thanks to globalization and our increasingly busy, virtual lives, new friendship ceremonies are growing in popularity, especially this time of year which are all covered in the study.

With the help of music psychologist Dr. Daniel Müllensiefen and author Oliver Burkeman, Sonos spoke to 8,000 people in eight countries to find out what makes a holiday party tick.

Sonos knows music has a powerful effect on our relationships at home, but what happens when you invite friends over?

  • 75% agree that music helps break the ice
  • 61% say that music in the background makes the food and drink taste better
  • 62% feel that a good playlist at a party makes people more attractive

Please see here for the full survey results.

Sonos is also working on a special episode of the popular series Mind of a Chef. The hour-long episode will be available exclusively on Netflix in the U.S. and on YouTube globally, and will feature an inside look at chef and co-founder of Mission Chinese Food, Danny Bowien, and his very own Playlist Potluck. The episode debuts on December 1, 2016.

Sonos Coming To The Apple Store

Posted in Commentary on September 26, 2016 by itnerd

Sonos announced today that they are expanding their collaboration with Apple and bringing Sonos into Apple’s physical and online retail stores. Two of their most popular speakers — the PLAY:1 and PLAY:5 — are immediately available at Apple.com in the US today, at 468 Apple Stores worldwide on October 5, and Apple’s online stores outside of the US starting November 2. Also, those who buy a Sonos system at Apple retail stores or at Apple.com between today and Dec. 31 will receive a free three-month subscription to Apple Music.

For more on how you can get your hands on Sonos speakers through Apple, head over here.