Latest in Gear

Image credit: Nathan Ingraham / Engadget

Some Sonos and Bose speakers are being remotely hijacked

This exploit only affects a fraction of connected devices.
414 Shares
Share
Tweet
Share
Save

Sponsored Links

Nathan Ingraham / Engadget

If you have a Sonos or Bose product connected to your home Wi-Fi system and you've been hearing some strange sounds out of it, the good news is that your speaker isn't haunted. The bad news is that it's possible someone has remotely gained access to your speaker and is tricking it into playing an audio file. Only a small fraction of Sonos and Bose speakers are vulnerable, but it's certainly a strange exploit to keep an eye out for.

The issue was first pinpointed by researchers at Trend Micro and reported on by Wired. Certain Bose and Sonos speakers can be found online via a simple scan. While only a fraction of speakers are vulnerable, hackers can access connected services such as Spotify and Pandora through the speaker, as well as trigger nearby smart speakers such as the Amazon Echo and Google Home.

Sonos clarified in an email to Wired that speakers vulnerable to this kind of hijacking are actually on misconfigured networks. Still, the company pushed out a software update that limits the amount of data a user can access in this kind of hack. Bose, however, appears to have taken no action to address the issue.

Again, this affects a very small subset of users, but it's something to think about if you've opened ports on your network for gaming or some other purpose. These speakers assume that the network they have access to is a trusted one. While use of this exploit might be limited to practical jokes, it's smart to limit access before people find a way to use this for more nefarious purposes.

Source: Wired
In this article: bose, gear, security, sonos
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
414 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
YouTube's Rewind 2019 video learns from last year's mistakes

YouTube's Rewind 2019 video learns from last year's mistakes

View
Apple may ditch the Lightning port on a 2021 iPhone

Apple may ditch the Lightning port on a 2021 iPhone

View
Google's powerful Recorder app now works on older Pixel phones

Google's powerful Recorder app now works on older Pixel phones

View
Are the Radeon RX 5700 and 5700 XT ideal GPUs for your gaming PC?

Are the Radeon RX 5700 and 5700 XT ideal GPUs for your gaming PC?

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr