If you own a Sonos or Bose speaker, listen up.

Security researchers at Trend Micro have discovered that certain speaker models from Bose and Sonos, including the Sonos Play:1, Sonos One, and Bose SoundTouch, can be hacked and made to play any audio file, according to Wired, which spoke to the researchers.

Credit: Sonos
(Image credit: Sonos)

According to the report, the researchers believe the number of potentially vulnerable devices is rather small, but unsuspecting users could soon find that their speakers are playing tracks without their consent.

Hackers looking to play audio in your house need only to scan the Internet looking for markers of a Sonos or Bose speaker. With little effort, they can connect to those speakers and remotely play audio. They're able to access the speakers because the affected Sonos and Bose devices are running on networks that have access to external servers, like game servers or file shares.

MORE: How to Secure Your (Easily Hackable) Smart Home

To test their theory, the researchers used scanning tools NMap and Shodan, according to Wired. They quickly discovered up to 5,000 Sonos devices and up to 500 Bose speakers running and accessible at any given time. By tapping into the API that the speakers use to access services like Spotify and others, the hackers could serve an audio file to the devices and make them play that track.

But the researchers went even further. They found that by creating audio tracks with commands aimed at Amazon's Echo or Google Home, they could even control smart home devices. For instance, a simple command like, "Alexa, open the front door lock," the hackers could conceivably open your front door and gain access to your home if you have a compatible lock controlled with Alexa.
Hackers who wanted to dig a bit deeper could also go so far as to identify your home network IP address and information about the devices that are connected to your speakers. That information could be used in other attacks.

In a statement to Wired, a Sonos spokesperson wrote that the company is "looking into this more, but what you are referencing is a misconfiguration of a user’s network that impacts a very small number of customers that may have exposed their device to a public network. We do not recommend this type of set-up for our customers."

Bose has yet to comment on this security issue, but we will update this article should the company provide a statement.

  • Your Router's Security Stinks: Here's How to Fix It
  • 16 Cheap Bluetooth Speakers (Under $40) Ranked From Best to Worst
  • Best Smart Speakers - Wi-Fi Speakers With Virtual Assistants

Get instant access to breaking news, the hottest reviews, great deals and helpful tips.

Thank you for signing up to Tom's Guide. You will receive a verification email shortly.

There was a problem. Please refresh the page and try again.

No spam, we promise. You can unsubscribe at any time and we'll never share your details without your permission.