Hacker can control models of Sonos and Bose speakers
english text to speech voices
Some models of Sonos and Bose speakers exist vulnerability that allows the hacker to use these devices to play sound weird or send Alexa command, thereby affecting these intelligent voice assistant speakers controlled door locks, air conditioning, and lighting of smart home technology.
Attacker through scanning the Internet found loopholes in the device. Once a vulnerable speaker is found, attackers can instruct these devices through the API to play any audio file on a particular URL.
“The impacted models allow any device on the same network to access the APIs they use to interface with apps like Spotify or Pandora without any sort of authentication.” reads the post published by Wired. “Tapping into that API, the researchers could simply ask the speakers to play an audio file hosted at any URL they chose, and the speakers would obey.”
Trend Micro security experts have found that there is a risk of audio hijacking for 2,500 to 5,000 Sonos devices and 400 to 500 Bose devices. Even more surprising is that the Voice Assistant device can control the smart home technology of locks, air conditioners and lighting equipment to launch attacks. 2018, due to smart home and other things security equipment problems caused by the Internet of Things security issues will become increasingly frequent. On the matter, Trend Micro said,
Whereas previous studies focused on seizing control of speakers like the Amazon Echo and Google Home, the results of our case study led to unique findings. These include security gaps that resulted from a simple open port that gave anyone on the internet access to the device and user information.” reads the post published by Trend Micro. “The first glaring finding was access to email addresses that are linked to music streaming services synced with the device. Another was access to a list of devices as well as shared folders that were on the same network as the test device. “
Gloss