Click to Skip Ad
Closing in...

Some smart speakers can be hijacked to play creepy sounds

Published Dec 27th, 2017 10:30PM EST
Sonos vs Bose speakers: Smart speaker security
Image: Sonos

Smart wireless speakers, like those from Sonos or Bose, have totally changed how I listen to music. Forget sacrificing your phone to the 3.5mm jack, or *shiver* putting a CD into the stereo — just fire up Spotify, find your Wi-Fi connected device, and hit play.

But to twist Uncle Ben’s words just a little: with great connectivity comes great responsibility. Specifically, the responsibility to make sure that hackers can’t hijack your smart speakers to play creepy sound files or control your voice-activated assistant. Unfortunately, it seems that Sonos and Bose have been slipping up a little in that regard.

As Wired reports, researchers at Trend Micro have discovered that some models of Sonos and Bose speaker, including the new Sonos One and Bose SoundTouch, can be hijacked by hackers and used to play an audio file of the hacker’s choosing. The exploit depends on a poorly-configured network, and the hacker having access to said network, but the end result is still that thousands of speakers are sitting unprotected, in the wild, ready to be hijacked:

The researchers warn that anyone with a compromised device on their home network, or who has opened up their network to provide direct access to a server they’re running to the external internet—say, to host a game server or share files—has potentially left their fancy speakers vulnerable to an epic aural prank.

“The unfortunate reality is that these devices assume the network they’re sitting on is trusted, and we all should know better than that at this point,” says Mark Nunnikhoven, a Trend Micro research director. “Anyone can go in and start controlling your speaker sounds,” if you have a compromised devices, or even just a carelessly configured network.

Trend Micro’s research found that 2,000 to 5,000 Sonos devices and 400 to 500 Bose devices were vulnerable to the elaborate hack. That number appears to be based on scanning with popular network testing tools, and the potential number of vulnerable devices may be higher.

It’s not just a purely theoretical hack, either: One Sonos customer earlier this year reported that her speaker started playing strange sounds like babies crying or glass breaking. She resorted to unplugging her speaker; you might just need to ensure that your network is properly protected, with no compromised devices or routers running default admin passwords.