- TikTok star Mohit Mor shot and killed 1 Year Ago
- Stephen A. Smith is baby 1 Year Ago
- Tfue releases statement on FaZe Clan lawsuit, says his contract is ‘f*cked’ 1 Year Ago
- People are using an app to out gropers on Japan’s subway Today 11:24 AM
- Trump misspelled ‘accomplishments’ on handwritten notes, photo shows Today 11:12 AM
- HUD proposal would allow homeless shelters to refuse trans people Today 10:44 AM
- Disney’s ‘Aladdin’ remake isn’t terrible Today 10:11 AM
- Police under investigation after running over 1-year-old child Today 9:16 AM
- Who is Jannah, the breakout star of ‘Star Wars: The Rise of Skywalker’? Today 9:10 AM
- Trump revives his ‘dumb as a rock’ insult for Rex Tillerson Today 9:03 AM
- Forget Hot Jafar. All hail Fat Ursula Today 8:14 AM
- How to watch ‘The Affair’ for free Today 8:00 AM
- Olivia Wilde’s ‘Booksmart’ is a teen comedy that will actually age well Today 7:45 AM
- Conservative rising star Kyle Kashuv busted using the N-word a whole bunch Today 7:14 AM
- How to watch ‘The Name of the Rose’ for free Today 7:00 AM
First reported by Wired, the exploit targets several well-known models of internet-connected speakers including the Bose SoundTouch, Sonos Play:1, and newly released Sonos One. The affected models can be discovered by hackers using simple scanning tools and are easy to break into if their owners leave their home Wi-Fi misconfigured.
Once a hacker discovers the speaker, they can transmit an audio file hosted from any URL, be it Rick Astley’s “Never Gonna Give You Up” or those inappropriate things Amazon Alexa likes telling little children. It appears one user’s speaker started playing breaking glass and crying baby sounds in the middle of the night.
Hackers could also potentially take control of smart speakers like Amazon Echo or Google Home. It’s possible, though unlikely, that an infected Sonos speaker could give commands to nearby personal assistants like Alexa or Siri. For example, the speaker could tell Amazon’s Alexa to open a smart garage door. Again, this is theoretical, but it could have major consequences.
The good news is that only a small percentage of these devices are vulnerable. Trend Micro discovered between 2,500 and 5,000 Sonos speakers and around 500 Bose models to be vulnerable to the audio attack.
“The unfortunate reality is that these devices assume the network they’re sitting on is trusted, and we all should know better than that at this point,” Mark Nunnikhoven, a researcher at Trend Micro, told Wired. “Anyone can go in and start controlling your speaker sounds.”
Sonos pushed out an update to fix some of the problems, but when approached by Wired, it said it would be “looking into this more.”
“What you are referencing is a misconfiguration of a user’s network that impacts a very small number of customers that may have exposed their device to a public network,” Sonos told Wired. “We do not recommend this type of set-up for our customers.”
The vulnerability affecting these devices is certainly unnerving, but it isn’t a critical threat—and it only applies to a handful of devices. Still, if you own a Sonos or Bose speaker, you may want to check your router settings or start looking for a good Bluetooth speaker.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.