According to Trend Micro researchers, a flaw in some wireless speakers of both brands would allow hackers to take control of it from a distance.
This is a problematic report for wireless speakers from Sonos and Bose. Stephen Hilt of Trend Micro and reveals that some models are victims of a security breach to take control from a distance.
Accessible from the local network, they are not secure enough. An attacker could access it to play the audio files. If he is a pleasant joker, he could give you unbearable music at any time of the day or night. But, a less well-intentioned person could listen to you discreetly and pose a real problem for your privacy and your personal data.
Some recorded files as well could even be used to take control of a personal assistant like Google Home or Amazon Echo. This is what the researchers did, as they indicate in their report. No wonder when we remember the various bugs encountered on Google Home, especially during advertising.
Last problem, identifying the speakers would not be difficult at first. From a simple search with tools like NMap or Shodan, we get a list of devices.
The only "good news" in the end is that not all speakers of both brands are affected. According to the researchers, the problem would mainly affect the models Sonos Play: 1, Sonos One and Bose SoundTouch.
This is a problematic report for wireless speakers from Sonos and Bose. Stephen Hilt of Trend Micro and reveals that some models are victims of a security breach to take control from a distance.
The Bose and Sonos speakers are victims of a big security breach!
Accessible from the local network, they are not secure enough. An attacker could access it to play the audio files. If he is a pleasant joker, he could give you unbearable music at any time of the day or night. But, a less well-intentioned person could listen to you discreetly and pose a real problem for your privacy and your personal data.
Some recorded files as well could even be used to take control of a personal assistant like Google Home or Amazon Echo. This is what the researchers did, as they indicate in their report. No wonder when we remember the various bugs encountered on Google Home, especially during advertising.
Last problem, identifying the speakers would not be difficult at first. From a simple search with tools like NMap or Shodan, we get a list of devices.
Several thousand devices would be affected
The only "good news" in the end is that not all speakers of both brands are affected. According to the researchers, the problem would mainly affect the models Sonos Play: 1, Sonos One and Bose SoundTouch.
What if you own one of these brand speakers?
Sonos has so far pledged to deploy a security update. The company is also reassuring in explaining that it was necessary to be connected to the local network to carry out this type of attacks. We're still waiting for Bose to make an announcement. In the meantime, if you are not reassured, few options exist apart from unplugging your speaker.
0 comments:
Post a Comment