
Vulnerability Allowed Eavesdropping via Sonos Smart Speakers

Sonos has patched vulnerabilities in its smart speakers, including a serious flaw that could have been exploited to eavesdrop on users.

LAS VEGAS — BLACK HAT USA 2024 — NCC Group researchers have disclosed vulnerabilities found in Sonos smart speakers, including a flaw that could have been exploited to eavesdrop on users.

One of the vulnerabilities, tracked as CVE-2023-50809, can be exploited for remote code execution by an attacker within Wi-Fi range of the targeted Sonos smart speaker.

The researchers demonstrated how an attacker targeting a Sonos One speaker could have used this vulnerability to take control of the device, covertly record audio, and then exfiltrate it to the attacker’s server.

Sonos informed customers about the vulnerability in an advisory published on August 1, but the actual patches were released last year. MediaTek, whose Wi-Fi SoC is used by the Sonos speaker, also released fixes in March 2024.

According to Sonos, the vulnerability affected a wireless driver that failed to “properly validate an information element while negotiating a WPA2 four-way handshake”.

“A low-privileged, close-proximity attacker could exploit this vulnerability to remotely execute arbitrary code,” the vendor said.
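The advisory's wording points at a familiar bug class in 802.11 drivers: information elements (IEs) are type-length-value records, and a parser that trusts the one-byte length field without checking it against the bytes actually remaining in the frame can read or copy past the end of its buffer. The following is an added illustration of what "properly validate an information element" means in practice, written for this article; it is not Sonos or MediaTek code and does not reproduce the actual flaw NCC Group found. The element ID 48 for the RSN IE and the version field value of 1 come from the 802.11 standard; the sample buffers are constructed for the example.

```c
/* Bounds-checked walker for 802.11 information elements (IEs).
 * Added educational example, not vendor code.  IEs are TLV records:
 *   [element ID: 1 byte][length: 1 byte][body: `length` bytes]
 * and appear in management frames and in the Key Data field of the
 * WPA2 four-way handshake messages.  Every length is checked against
 * the bytes that actually remain before the body is touched. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IE_ID_RSN 48u   /* element ID of the RSN IE (802.11) */

/* Fixed-size copy of an RSN IE.  A one-byte length field can declare at
 * most 255 bytes, so a 255-byte destination can never be overrun once
 * the declared length has been validated against the buffer. */
struct rsn_ie_copy {
    uint8_t len;
    uint8_t data[255];
};

/* Walk a buffer of IEs.  Returns the number of elements parsed, or -1
 * if the buffer is malformed: a truncated header, a declared length that
 * runs past the end of the buffer, or an RSN IE with a bad version.
 * If an RSN IE is present and `out` is non-NULL, a validated copy is
 * stored in `out`. */
int walk_ies(const uint8_t *buf, size_t len, struct rsn_ie_copy *out)
{
    size_t off = 0;
    int count = 0;

    while (off < len) {
        /* Need the full two-byte header before reading ID and length. */
        if (len - off < 2)
            return -1;
        uint8_t id = buf[off];
        uint8_t elen = buf[off + 1];
        /* The declared body must fit in what remains after the header. */
        if (elen > len - off - 2)
            return -1;
        const uint8_t *body = buf + off + 2;

        if (id == IE_ID_RSN) {
            /* RSN IE body starts with a 2-byte little-endian version
             * that must be 1; anything shorter or different is rejected
             * before any field past the version is interpreted. */
            if (elen < 2 || body[0] != 0x01 || body[1] != 0x00)
                return -1;
            if (out != NULL) {
                out->len = elen;
                memcpy(out->data, body, elen);  /* elen <= 255 by type */
            }
        }
        off += 2 + (size_t)elen;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed sample: SSID IE "Sono" followed by a minimal RSN IE. */
    const uint8_t good[] = { 0x00, 0x04, 'S', 'o', 'n', 'o',
                             0x30, 0x02, 0x01, 0x00 };
    /* Constructed sample: RSN IE claims 20 bytes but only 2 follow. */
    const uint8_t truncated[] = { 0x30, 0x14, 0x01, 0x00 };
    struct rsn_ie_copy rsn;

    printf("good:      %d elements\n", walk_ies(good, sizeof good, &rsn));
    printf("truncated: %d (malformed)\n",
           walk_ies(truncated, sizeof truncated, &rsn));
    return 0;
}
```

The two checks before `body` is dereferenced are the whole point: the header must be complete, and the declared length must not exceed the remaining bytes. A parser that skips either one and copies `elen` bytes into a fixed-size structure is the pattern that turns a malformed handshake frame into memory corruption.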

In addition, the NCC researchers discovered flaws in the Sonos Era-100 secure boot implementation. By chaining them with a previously known privilege escalation flaw, the researchers were able to achieve persistent code execution with elevated privileges.

NCC Group has made available a whitepaper with technical details and a video showing its eavesdropping exploit in action.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
