Bose, Sonos Speakers Vulnerable To Remote Hijacking And Nefarious Network Spying
Trend Micro set out to see just how safe and secure (or not secure, really) today's IoT devices are, and to what extent an attacker can manipulate these gadgets. In one example, Trend Micro examined a couple of popular products, the Sonos
Sonos was quick to close security gaps in its Play:1 speakers after being alerted by Trend Micro. (Image Source: Sonos)
"After the tests, we reached out to Sonos, which responded quickly to fix the security gaps. The gaps addressed include a denial-of-service (DoS) bug which now returns an HTTP error code 412 (Precondition failed). A more detailed account of the updates made by Sonos can be found in the case study. We also reached out to Bose and are currently waiting for their response," Trend Micro stated in a blog post.
Source: Trend Micro
"Aside from finding an entry point, an attacker could use the exposed information for spear-phishing. By studying the target’s musical preference based on the tracks being played, an attacker can tailor-fit an email and send it to the email address linked to the target’s music streaming account. This increases the success rate of schemes to compromise businesses too," Trend Micro added.
The smart speaker market is growing, and as we saw when the IoT market as a whole started to boom, security can be lax. That's a problem when you consider all of the personal data that is collected and managed by Internet-connected products. As Trend Micro notes, securing them should be just as important as ease of use.