If you have a Sonos or Bose product connected to your home Wi-Fi system and you’ve been hearing some strange sounds out of it, the good news is that your speaker isn’t haunted. The bad news is that it’s possible someone has remotely gained access to your speaker and is tricking it into playing an audio file.

The issue was first pinpointed by researchers at Trend Micro and reported on by Wired.

https://www.wired.com/story/hackers-can-rickroll-sonos-bose-speakers-over-internet/

Certain Bose and Sonos speakers can be found online via a simple scan. While only a fraction of speakers are vulnerable, hackers can access connected services such as Spotify and Pandora through the speaker, as well as trigger nearby smart speakers such as the Amazon Echo and Google Home. Sonos clarified in an email to Wired that speakers vulnerable to this kind of hijacking are actually on misconfigured networks. Still, the company pushed out a software update that limits the amount of data a user can access in this kind of hack. This is something to think about if you’ve opened ports on your network for gaming or some other purpose. These speakers assume that the network they have access to is a trusted one. While use of this exploit might be limited to practical jokes, it’s smart to limit access before people find a way to use this for more nefarious PURPOSES.

Mike Semel