Some Sonos and Bose speakers are being remotely hijacked

This exploit only affects a fraction of connected devices.
Swapna Krishna, @skrishna
December 27, 2017

If you have a Sonos or Bose product connected to your home Wi-Fi system and you've been hearing some strange sounds out of it, the good news is that your speaker isn't haunted. The bad news is that it's possible someone has remotely gained access to your speaker and is tricking it into playing an audio file. Only a small fraction of Sonos and Bose speakers are vulnerable, but it's certainly a strange exploit to keep an eye out for.

The issue was first pinpointed by researchers at Trend Micro and reported on by Wired. Certain Bose and Sonos speakers can be found online via a simple scan. While only a fraction of speakers are vulnerable, hackers can access connected services such as Spotify and Pandora through the speaker, as well as trigger nearby smart speakers such as the Amazon Echo and Google Home.

Sonos clarified in an email to Wired that speakers vulnerable to this kind of hijacking are actually on misconfigured networks. Still, the company pushed out a software update that limits the amount of data a user can access in this kind of hack. Bose, however, appears to have taken no action to address the issue.

Again, this affects a very small subset of users, but it's something to think about if you've opened ports on your network for gaming or some other purpose. These speakers assume that the network they have access to is a trusted one. While use of this exploit might be limited to practical jokes, it's smart to limit access before people find a way to use this for more nefarious purposes.
