Hackers Might Be Able to Access Sono Speakers
Researchers at Trend Micro have discovered a potential hack that allows people to access Songs Play:1, Songs One, and Bose SoundTouch systems. The Sono speakers are taken over through an online scan. It allows hackers to play music through your speakers. Even though you have not granted them specific access to your Wi-Fi network.
The compact, yet surprisingly powerful PLAY:1 delivers deep, crystal clear sound and fits just about anywhere. For example, the work-surface in your kitchen. That bookshelf in your study. Or in any other snug space where you’d like some big music.
The speaker is able to use Wi-Fi independently or a Sonos Bridge, Boost or itself by Ethernet connection to a router to form a wireless peer-to-peer mesh network called SonosNet with other speakers. It allows the user to play separate or identical media on one, many and/or all speakers within the network. The Wi-Fi can be manually disabled through the source code.
The Sonos Controller app mainly controls and sets up the speaker, but can also connect other music services like Spotify, Apple Music, TuneIn, and others. If the speaker is paired with others, then the same or different media can be played. The Trueplay feature allows the use of a phone to acoustically tune the surroundings of the speaker and adjusts based on its data. It also is able to play songs from a supported NAS drive.
Hackers could also use it to play commands for an Alexa or Google Home device. It depends on what you have connected to those devices could make the situation much worse. Wired notes that some people have also experienced hackers playing sounds like crying babies or broken glass in the middle of the night through the speakers to alarm their owners.
The good news is the hack only affects a small number of users. The researchers claim roughly 2,000 to 5,000 Sonos speakers are affected and only 500 Bose units. There is already a patch available for Sonos users you’ve just got to fire up the app to get it if you haven’t already.