Producers of Internet-connected smart devices are integrating their products with widely-used applications as fast and as often as they can.
As a result, consumers are also rushing to get their hands on the latest releases of smartphones, tablets, and other smart devices to go along with the latest in web-based applications and technology.
One of the negatives in this rush to get the latest gadgets is that these products could be prone and vulnerable to security flaws or bugs – resulting in malware, ransomware, or other cybersecurity issues.
As part of an experiment to further test the safety and security of these devices, researchers from Trend Micro examined a set of Internet-connected Bluetooth speakers to check its built-in security features.
In their case study The Sound of a Targeted Attack, the Trend Micro team used the Sonos Play:1 as its test unit, while also looking into the Bose SoundTouch unit.
Below is a video detailing the research team’s study:
They could control the speaker remotely, while also playing music through their own connections.
The researchers’ findings included a denial-of-service (DoS) bug that resulted in an HTTP error code. The research team reached out to Sonos with their findings, and they promptly responded and issued a fix. More details of the findings and Sonos updates can be found in their case study.
Bose, on the other hand, has not responded to the Trend Micro team’s communications.
Compared to previous studies made on other speakers like Google Home and Amazon Echo, this case study showed more unique conclusions.
One of the other issues found were security gaps because of an open port that could lead cybercriminals to the device and user information.
Another more glaring issue found in the system was unsecured locations for users’ email addresses linked to music streaming apps linked to the device.
And yet another vulnerable part of the system was access to lists of devices and shared folders that were on the same connection as the test speaker.
To top it all off, the device’s activities were visible to the research team (e.g. which song was currently playing), they could control the speaker remotely, while also playing music through their own connections.
The repercussions of the research team’s finding go way past the loss of device control. Internet-connected speakers, and in effect, smart devices in general, might be giving away information to cybercriminals on the lookout for vulnerable devices or systems to hack into.
While it is a good thing that Sonos was able to patch their vulnerabilities, this does not bode well for the whole myriad of available smart devices in the market.
Comprehensive multi-device protection for you and your family for up to 6 PCs, Macs, Android, and iOS devices. For more info click here.