Level 30
Feb 4, 2016
Operating System
Windows 8.1
Similar vulnerabilities affect some Sonos and Bose smart speakers that allow hackers to take over devices, collect data on users, and even make devices to play desired audio tracks.

The vulnerabilities can be exploited by attackers looking for an entry point into corporate networks, but also to play pranks on unsuspecting users.

Discovered by Stephen Hill, Senier Threat Researcher at Trend Micro, the flaws are detailed in depth in 47-page report the company released earlier today.

The flaws were confirmed in Sonos Play:1 and Bose SoundTouch smart speakers, but more models could be affected. Trend Micro notified both companies. Sonos rolled out a patch, while Bose has yet to respond to researchers.
Bose devices have similar flaw
For Bose devices, the flaw Trend Micro reported is of a similar nature, in the form of a similar status page and API that allow attackers to gather similar information on device owners.

The issues in the devices of both vendors appear to be just an overlooked design flaw, as both could be easily hidden behind a login panel and prevent attackers from having direct access to these functions, even when the device needs to be left online for legitimate reasons. But in many cases, such devices should not be left online.

Most people seem to have understood this issue, as there's a very small number of Sonos and Bose devices connected online. Currently, the number is around 4,000-5,000 Sonos speakers and around 500 Bose speakers.

Hill also recorded a video describing the flaws he found in the two products. The video is embedded below.
Likes: Solarquest