The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Researchers Discover Sonos, Bose Smart Speakers Leaking Data, Open to Takeover



Researchers said Wednesday that some smart speakers, like Sonos' Play:1 and Bose's SoundTouch, leak data - something that could allow anyone to hijack the devices and play music.

Sonos was quick to fix an issue earlier this year that affected one of its smart home sound systems. If exploited an attacker could have take over devices, siphon up information on users, and play music or sounds of their own choosing.

Researchers with Trend Micro discovered the issues, some which also affect Bose’s SoundTouch smart speakers, and disclosed them in a report released on Wednesday. (.PDF)

The issue with Sonos’ Play:1 speakers, essentially a configuration page open for anyone to see, could let an attacker view information about what track is currently being played, what music libraries Sonos knows about, and even personal emails associated with services that may be connected to the device like Spotify.

The page can also let anyone perform debug options - like the ability to carry out a traceroute, ping, or mDNS announcement - with one click. An attacker could also use information gathered through the page to look for wireless access points nearby and potentially target other devices like mobile devices, printers, and other computers, researchers said.

Researchers with the firm did some digging, mostly through Shodan - a service that that allows users to find devices, mostly IoT in nature, that are connected to the internet - to discover vulnerable devices.

According to researchers, like Sonos, Bose's SoundTouch, another Wi-Fi speaker set, has a page that lets users keep track of what accounts are connected to the device. The information is fed through an unauthenticated API that allows for full control of the speakers. An attacker could easily scrape data from the site, like email addresses connected to accounts, for later use, Stephen Hilt, a researcher with the firm said.

Users who try to go the Sonos page now receive an HTTP error code 412 (precondition failed). Sonos also applied an update in September to the speakers that forbids some information leakage, something researchers called a step in a right direction. Bose has not yet addressed the issues highlighted by Trend Micro, nor did the company immediately respond to a request for comment on Thursday.

The issues in both speakers could seemingly be remedied by not leaving the devices exposed to the internet, a common mistake made by users with IoT devices over the last several years.

Security firm Rapid7 found millions of sensitive services - 15 million nodes offering Telnet, 11.2 million relational database nodes, and 4.5 million printer services - exposed to the internet two years ago. The company, which releases an annual National Exposure Index report found 160 million ports exposed to the internet last summer. 5.5 million devices were susceptible to WannaCry, the ransomware that crippled parts of Europe, in addition to other parts of the globe, earlier this year.

Image copyright: peus / 123RF Stock Photo

Chris Brook

WHITEPAPERS

Data Protection Security Audit Checklist

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.