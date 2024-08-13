Home > Latest News > Sonos Waited Nearly A Year To Publicly Acknowledge Hardware Security Flaw

Sonos Waited Nearly A Year To Publicly Acknowledge Hardware Security Flaw

By | 13 Aug 2024
Sonos

Nearly a year after it was first detected, Sonos has publicly admitted to a security flaw within its speakers.

After being made aware of a vulnerability in its hardware that allowed an attacker to capture audio in real time off some devices such as the Sonos One, Sonos issued a security patch update to the Sonos S2 system in October 2023, and an S1 update about a month later.

However, it publicly acknowledged that vulnerability in a bulletin only on August 1, 2024.

A presentation by NCC Group’s Robert Herrera and Alex Plaskett at the August Black Hat USA 2024 conference in Las Vegas showed how a Sonos One could be exploited due to a kernel vulnerability initiated by a flaw in the Wi-Fi stack.

The Sonos One was the first speaker from the company to use a microphone to allow for hands-free voice control.

As the Sonos One connects to a router, a “handshake” happens before wireless traffic is sent through, Herrera explained in an interview with Dark Reading. One of the packets exchanged was not properly validated, and that vulnerability is how an attacker could force their way into the device, and then access its microphones.

“We deploy a method of capturing all the audio data — all the microphone input in the room, in the vicinity of this Sonos device,” Plaskett told Dark Reading ahead of his and Herrera’s presentation.

An attacker is then “able to exfiltrate that data and play it back at a later date, and be able to play back all the recorded conversations from the room.”

The attacker couldn’t hear what was said before the exploit was leveraged. “You would need to exploit the Sonos device first to start the capture,” Plasket said. “And then once you start the capture, you only…have the data from within that period.”

While MediaTek, whose Wi-Fi stack was the root problem, issued its own security advisory in March 2024, Sonos waited until August this year to publicly acknowledge the flaw.

It did issue a patch within a couple of months of being made aware of the security flaw starting in October last year, but for reasons unknown did not publicly acknowledge this until this month.

Sonos is already under fire for its entire app debacle which CEO Patrick Spence has admitted that the company is spending between US$20 million (A$30.3 million) and US$30 million (A$45.5 million) to rectify.



