If the Sonos or Bose speakers connected to your home Wi-Fi system are playing strange sounds all of a sudden there is an explanation for it. According to a report, a small fraction of Sonos and Bose speakers are vulnerable to remote hijacking. These include some models of the Sonos Play:1, the Sonos One, and Bose SoundTouch systems. What that means is that someone can use the vulnerability to trick the speakers into playing an audio file remotely.
Researchers at Trend Micro discovered this exploit which was later reported on by Wired. A simple scan is all that’s required to find some Sonos and Bose speakers online. The vulnerable speakers can be hijacked to access connected services like Spotify and Pandora. They can even be used to trigger nearby smart speakers like the Google Home and Amazon Echo.
Bose has reportedly not addressed the issue so far. Sonos clarified to the scribe that the speakers that are vulnerable to this exploit are actually on misconfigured networks. Nevertheless, it has released a software update which will limit the amount of data that can be accessed using this exploit by a user.
“The unfortunate reality is that these devices assume the network they’re sitting on is trusted, and we all should know better than that at this point,” explains Trend Micro research director Mark Nunnikhoven.
This vulnerability will most likely be used by pranksters looking to get some laughs out of it, but the researchers say that the vulnerability could also be used for more nefarious designs.