- RIP: The best free trial in all of streaming entertainment Today 2:19 PM
- Which ‘Florida Man’ are you? Today 1:06 PM
- Hundreds of millions of Facebook passwords were accessible to employees Today 12:55 PM
- ‘Bitch I’m Bella Thorne’ morphs into TikTok dyslexia meme Today 12:17 PM
- Marvel is auctioning props and costumes from Netflix’s ‘Defenders’ franchise Today 12:12 PM
- Net neutrality advocates plan online watch party for the ‘Save the Internet’ Act Today 12:01 PM
- Tim Cook turns his iPad meme into an AirPod meme Today 11:46 AM
- Auschwitz Memorial asks visitors to stop taking playful photos at Holocaust site Today 11:33 AM
- The best Korean beauty products for $15 or less Today 10:50 AM
- PewDiePie’s reign as the No. 1 YouTuber seems to be over Today 10:43 AM
- Amazon’s ‘Hanna’ miniseries offers a more conventional take on the teen spy thriller Today 10:42 AM
- Conservative writer tweets about bombing a university after women are hired Today 10:16 AM
- YouTube star Ice Poseidon reportedly raided by FBI Today 10:11 AM
- Devin Nunes is threatening to sue more people who mock him on Twitter Today 10:10 AM
- The Economist faces blowback for asking if trans people should be sterilized Today 9:50 AM
First reported by Wired, the exploit targets several well-known models of internet-connected speakers including the Bose SoundTouch, Sonos Play:1, and newly released Sonos One. The affected models can be discovered by hackers using simple scanning tools and are easy to break into if their owners leave their home Wi-Fi misconfigured.
Once a hacker discovers the speaker, they can transmit an audio file hosted from any URL, be it Rick Astley’s “Never Gonna Give You Up” or those inappropriate things Amazon Alexa likes telling little children. It appears one user’s speaker started playing breaking glass and crying baby sounds in the middle of the night.
Hackers could also potentially take control of smart speakers like Amazon Echo or Google Home. It’s possible, though unlikely, that an infected Sonos speaker could give commands to nearby personal assistants like Alexa or Siri. For example, the speaker could tell Amazon’s Alexa to open a smart garage door. Again, this is theoretical, but it could have major consequences.
The good news is that only a small percentage of these devices are vulnerable. Trend Micro discovered between 2,500 and 5,000 Sonos speakers and around 500 Bose models to be vulnerable to the audio attack.
“The unfortunate reality is that these devices assume the network they’re sitting on is trusted, and we all should know better than that at this point,” Mark Nunnikhoven, a researcher at Trend Micro, told Wired. “Anyone can go in and start controlling your speaker sounds.”
Sonos pushed out an update to fix some of the problems, but when approached by Wired, it said it would be “looking into this more.”
“What you are referencing is a misconfiguration of a user’s network that impacts a very small number of customers that may have exposed their device to a public network,” Sonos told Wired. “We do not recommend this type of set-up for our customers.”
The vulnerability affecting these devices is certainly unnerving, but it isn’t a critical threat—and it only applies to a handful of devices. Still, if you own a Sonos or Bose speaker, you may want to check your router settings or start looking for a good Bluetooth speaker.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.