Some Bose and Sonos speakers connected to home Wi-Fi systems are randomly playing strange sounds and even music. Don’t worry, the devices are not haunted, but they are hacked.
Trend Micro researchers have found that certain models of Sonos and Bose speakers are vulnerable to hijacking.
What Speakers Are Being Targeted?
According to Wired, a small fraction of Sonos and Bose speakers are vulnerable. The affected models are the Sonos Play:1, the Sonos One, and the Bose SoundTouch system.
This vulnerability allows someone to trick the speaker into playing an audio file remotely. Reportedly, all it takes is for the speaker to be connected to a misconfigured network, and a simple internet scan will get the hacker in the front door.
Once the hacker discovers the speaker through the internet scan, the API the speaker uses to communicate with apps can be used to tell the device to play any audio file hosted at a specific URL. The Trend Micro researchers found between 2,500 and 5,000 Sonos devices and between 400 and 500 Bose speakers open to hijacking.
A Sonos representative told Wired in an email that the company is looking into the hacking further, but stated that this specific instance relates to a misconfiguration of a user’s network and impacts a very small number of users.
Are The Hackers Able To Steal Valuable Information?
While it is possible for a hacker to see information such as IP addresses and IDs of other connected devices, it is not likely in this instance, as the hacking is quite elaborate.
Instead, the hackers are essentially just pranksters who are using the technique to pull odd audio pranks on unsuspecting victims. According to the report, one woman said her Sonos started playing breaking glass and crying baby sounds in the middle of the night.
Unfortunately, because of the Sonos internal configuration, this isn’t the first time this has happened. In 2014, a developer made an interactive hack named Ghosty that essentially did this same kind of hijacking.
Sonos has clarified the vulnerability in a statement to Wired, but Bose has reportedly not addressed the issue so far. Sonos also released a software update, which should limit the amount of data that can be accessed using this exploit by users.
Although the vulnerability affects only a handful of Sonos and Bose owners, it is worth double-checking the security of the speakers and of the network they are connected to.