Researchers at Trend Micro have confirmed that some models of Sonos and Bose speakers (the Sonos Play:1, the Sonos One and the Bose SoundTouch) are vulnerable to hacking if the speaker is connected to a misconfigured network.
If hackers find such a speaker, they can take control of it and direct it to play any audio file hosted at a specific URL.
It should be noted that this is an extremely exotic, fairly elaborate hack, and one that’s not likely to gain the hacker much, if anything, in the way of useful information about the target network. Overwhelmingly, if and where this hack is seen at all, it will be used to play pranks on the target. About the worst thing that could happen is that the hacker would play a particularly annoying or alarming sound (a woman screaming, glass breaking, a baby crying or similar), which might lead to some sleepless nights or confusion, but not much else.
Even so, it’s worth making note of, because if a hacker is able to take control of a speaker connected to your network, it means that there’s a misconfiguration somewhere that could lead to a more serious hack down the road. If it happens to you, it’s well worth reviewing your network setup and security settings.
A spokesman for Sonos had this to say about the hack: “…looking into this more, but what you are referencing is a misconfiguration of a user’s network that impacts a very small number of customers that may have exposed their device to a public network. We do not recommend this type of set-up for our customers.”
Interestingly, this isn’t the first time such a hack has been seen. In 2014, a developer created a hack called “Ghosty” that did more or less the same thing.