Hackers Targeting Connected Speakers from Sonos and Bose

A newly discovered hack by security researchers at Trend Micro seems to allow remote access to key speakers from Sonos and Bose, including the Sonos Play:1, Sonos One, and Bose SoundTouch systems. According to TechCrunch, the hack can locate these speakers through an online scan, allowing hackers to play music through the system remotely.

Fortunately, the number of vulnerable systems is relatively limited for now, with researchers claiming to have found between 2,000 and 5,000 compromised Sonos systems and less than 500 Bose speakers. A research director at Trend Micro explained that these devices assume the network they’re sitting on is trusted, allowing anyone to go in and start controlling the speaker sounds.

A spokesperson for Sonos told TechCrunch, “We’re looking into this more, but what is being referenced is a misconfiguration of a user’s network that impacts a very small number of customers that may have exposed their device to a public network. We do not recommend this type of set-up for our customers. In the near term, anyone concerned about this issue should ensure their Sonos system is set-up on their secured internal network.”

While Sonos has already issued a patch to help plug the hole, there is no official response yet from Bose regarding the matter.