Click to Skip Ad
Closing in...
  1. Amazon Dash Smart Shelf
    15:16 Deals

    I’m obsessed with this Amazon gadget you’ve never heard of – and it&#821…

  2. Prime Day Deals 2021
    04:05 Deals

    Amazon Prime Day deals 2021: See hundreds of the best deals right here

  3. Prime Day Nest Thermostat Deal
    16:28 Deals

    The newest Nest Thermostat rarely goes on sale, but it’s $99.98 for Prime Day

  4. Prime Day DNA Test Deals
    07:17 Deals

    23andMe’s best-selling DNA test is $100 off for Prime Day

  5. Best Prime Day Deals 2021
    13:41 Deals

    Prime Day secrets: All of Amazon’s deepest discounts are on this one hidden page

Some smart speakers can be hijacked to play creepy sounds

December 27th, 2017 at 10:30 PM
Sonos vs Bose speakers: Smart speaker security

Smart wireless speakers, like those from Sonos or Bose, have totally changed how I listen to music. Forget sacrificing your phone to the 3.5mm jack, or *shiver* putting a CD into the stereo — just fire up Spotify, find your Wi-Fi connected device, and hit play.

But to twist Uncle Ben’s words just a little: with great connectivity comes great responsibility. Specifically, the responsibility to make sure that hackers can’t hijack your smart speakers to play creepy sound files or control your voice-activated assistant. Unfortunately, it seems that Sonos and Bose have been slipping up a little in that regard.

As Wired reports, researchers at Trend Micro have discovered that some models of Sonos and Bose speaker, including the new Sonos One and Bose SoundTouch, can be hijacked by hackers and used to play an audio file of the hacker’s choosing. The exploit depends on a poorly-configured network, and the hacker having access to said network, but the end result is still that thousands of speakers are sitting unprotected, in the wild, ready to be hijacked:

The researchers warn that anyone with a compromised device on their home network, or who has opened up their network to provide direct access to a server they’re running to the external internet—say, to host a game server or share files—has potentially left their fancy speakers vulnerable to an epic aural prank.

“The unfortunate reality is that these devices assume the network they’re sitting on is trusted, and we all should know better than that at this point,” says Mark Nunnikhoven, a Trend Micro research director. “Anyone can go in and start controlling your speaker sounds,” if you have a compromised devices, or even just a carelessly configured network.

Trend Micro’s research found that 2,000 to 5,000 Sonos devices and 400 to 500 Bose devices were vulnerable to the elaborate hack. That number appears to be based on scanning with popular network testing tools, and the potential number of vulnerable devices may be higher.

It’s not just a purely theoretical hack, either: One Sonos customer earlier this year reported that her speaker started playing strange sounds like babies crying or glass breaking. She resorted to unplugging her speaker; you might just need to ensure that your network is properly protected, with no compromised devices or routers running default admin passwords.

Popular News