- Majority of threats made since El Paso and Dayton shootings have been made online Thursday 8:00 PM
- Miley Cyrus tweets about cheating allegations and penis cake drama Thursday 6:32 PM
- ‘The Dark Crystal: Age of Resistance’ dazzles with a timely tale Thursday 6:00 PM
- The DOJ emailed a white nationalist blog post to immigration judges Thursday 5:31 PM
- The Amazon rainforest is on fire–and people are using memes to cope Thursday 4:11 PM
- Microsoft contractors listened in on Xbox users Thursday 2:15 PM
- Anti-vaxxer assaults pro-vaccine lawmaker on Facebook Live (updated) Thursday 2:15 PM
- Oreos licked by singer Lewis Capaldi are being auctioned off on eBay Thursday 1:54 PM
- Zach Braff predicted Sean Spicer would be on ‘Dancing With the Stars’ 2 years ago Thursday 1:38 PM
- NYPD sergeant who watched Eric Garner die punished with lost vacation days Thursday 1:27 PM
- Brie Larson haters have a meltdown over a joke about Thor’s hammer Thursday 1:26 PM
- This comedian attempted to make fun of women on Twitter—and it did not go over well Thursday 1:04 PM
- Logan Paul wants to help the Amazon rainforest Thursday 12:36 PM
- Nutaku announces redesign and filters for LGBTQ porn games (updated) Thursday 12:25 PM
- This video of dozens of inflatable mattresses taking off in the wind is perfect Thursday 12:20 PM
First reported by Wired, the exploit targets several well-known models of internet-connected speakers including the Bose SoundTouch, Sonos Play:1, and newly released Sonos One. The affected models can be discovered by hackers using simple scanning tools and are easy to break into if their owners leave their home Wi-Fi misconfigured.
Once a hacker discovers the speaker, they can transmit an audio file hosted from any URL, be it Rick Astley’s “Never Gonna Give You Up” or those inappropriate things Amazon Alexa likes telling little children. It appears one user’s speaker started playing breaking glass and crying baby sounds in the middle of the night.
Hackers could also potentially take control of smart speakers like Amazon Echo or Google Home. It’s possible, though unlikely, that an infected Sonos speaker could give commands to nearby personal assistants like Alexa or Siri. For example, the speaker could tell Amazon’s Alexa to open a smart garage door. Again, this is theoretical, but it could have major consequences.
The good news is that only a small percentage of these devices are vulnerable. Trend Micro discovered between 2,500 and 5,000 Sonos speakers and around 500 Bose models to be vulnerable to the audio attack.
“The unfortunate reality is that these devices assume the network they’re sitting on is trusted, and we all should know better than that at this point,” Mark Nunnikhoven, a researcher at Trend Micro, told Wired. “Anyone can go in and start controlling your speaker sounds.”
Sonos pushed out an update to fix some of the problems, but when approached by Wired, it said it would be “looking into this more.”
“What you are referencing is a misconfiguration of a user’s network that impacts a very small number of customers that may have exposed their device to a public network,” Sonos told Wired. “We do not recommend this type of set-up for our customers.”
The vulnerability affecting these devices is certainly unnerving, but it isn’t a critical threat—and it only applies to a handful of devices. Still, if you own a Sonos or Bose speaker, you may want to check your router settings or start looking for a good Bluetooth speaker.
Phillip Tracy is a former technology staff writer at the Daily Dot. He's an expert on smartphones, social media trends, and gadgets. He previously reported on IoT and telecom for RCR Wireless News and contributed to NewBay Media magazine. He now writes for Laptop magazine.