Some Sonos and Bose speakers are being remotely hijacked
This exploit only affects a fraction of connected devices.
If you have a Sonos or Bose product connected to your home Wi-Fi system and you've been hearing some strange sounds out of it, the good news is that your speaker isn't haunted. The bad news is that it's possible someone has remotely gained access to your speaker and is tricking it into playing an audio file. Only a small fraction of Sonos and Bose speakers are vulnerable, but it's certainly a strange exploit to keep an eye out for.
The issue was first pinpointed by researchers at Trend Micro and reported on by Wired. Certain Bose and Sonos speakers can be found online via a simple scan. While only a fraction of speakers are vulnerable, hackers can access connected services such as Spotify and Pandora through the speaker, as well as trigger nearby smart speakers such as the Amazon Echo and Google Home.
Sonos clarified in an email to Wired that speakers vulnerable to this kind of hijacking are actually on misconfigured networks. Still, the company pushed out a software update that limits the amount of data a user can access in this kind of hack. Bose, however, appears to have taken no action to address the issue.
Again, this affects a very small subset of users, but it's something to think about if you've opened ports on your network for gaming or some other purpose. These speakers assume that the network they have access to is a trusted one. While use of this exploit might be limited to practical jokes, it's smart to limit access before people find a way to use this for more nefarious purposes.
