If you own one of a few models of internet-connected speaker and have been hearing strange sounds from it, such as ghostly creaks and moans or random Rick Astley tunes, here is some bad news for you. Researchers at Trend Micro have discovered how Sonos and Bose’s internet-connected speakers could be remotely hacked and made to play any song or sound the hacker chooses.
According to Wired, the Sonos Play:1, Sonos One, and Bose SoundTouch system are "pinpointed online with simple Internet scans, accessed remotely, and then commandeered with straightforward tricks to play any audio file that a hacker chooses."
The researchers found that scanning tools such as Nmap and Shodan can quickly spot these exposed speakers. They identified around 2,000 to 5,000 Sonos devices online and vulnerable, depending on the timing of their scans, and between 400 and 500 Bose devices.
Apart from playing sounds through a victim's device, a hacker could also ascertain information such as "what file a vulnerable speaker is currently playing," "the name of someone's accounts on services such as Spotify and Pandora," and "the name of their Wi-Fi network." Hackers could also identify more detailed information, such as the IP addresses and device IDs of gadgets connected to the speaker.
Commenting on the issue, Sonos said: “We’re looking into this more, but what is being referenced is a misconfiguration of a user’s network that impacts a very small number of customers that may have exposed their device to a public network. We do not recommend this type of set-up for our customers.”
For now, the whole thing seems to be largely prank-based, but it is an alarming reminder to keep all the connected devices in your home secure and limit access before hackers find a way....