Smart sound systems are supposed to make your lives easier and give your ears the perfect sounds they deserve. They are not intended to put the fear of God in you. Trend Micro, a data security firm, discovered that some Bose and Sonos speakers are not only vulnerable to hacking but that hackers are playing ghost sounds and Rick Astley songs through other people’s speakers.
Not all of the speakers are affected, but a few Sonos Play:1, the Sonos One, and the Bose SoundTouch have been exposed to this spooky trick. Trend Micro researchers found that these affected speakers only need to connect to a misconfigured network.
A simple internet scan then connects to the speaker, and through the API, the speakers can be told to play an audio file through a specified URL. The researchers claim that somewhere between 2,500 to 5,000 Sonos speakers and 400 to 500 Bose devices are exposed to this sound hijacking.
Sonos gave a statement to Wired, ” We are looking into this more, but what you are referencing is a misconfiguration of a user’s network that impacts a very small number of customers that may have exposed their device to a public network. We do not recommend this type of setup for our customers.”
This is not the first time that Sonos has had an issue like this. Due to its open API, a hacker named Ghosty played spooky sounds through people’s speakers. This time, one woman claimed that her speaker was projecting the sound of breaking glass and crying baby sounds while she slept.
It is possible but unlikely that someone could use this vulnerability to steal IDs from other devices or IP addresses. Sonos expects that it will only be used for these strange audio pranks. If you are worried about being exposed, make sure that you are connected to a secure network.