If you haven’t powered on your Sonos speakers in a while, now might be a good time to fire up the app.
Researchers at Trend Micro have discovered a potential hack that allows people to access Sonos Play:1, Sonos One, and Bose SoundTouch systems. The speakers can be taken over via an online scan, allowing hackers to play music through your speakers even though you haven’t granted them specific access to your Wi-Fi network.
Admittedly, as hacks go, getting your living room RickRolled (because yes, someone has already used this hack for that) isn’t the worst possible thing that could happen, but it’s still something you’d probably like to avoid.
Technically hackers could also use it to play commands for an Alexa or Google Home device, which depending on what you have connected to those devices could make the situation much worse. Wired notes that some people have also experienced hackers playing sounds like crying babies or broken glass in the middle of the night through the speakers to startle their owners — not exactly what you want to wake up to, especially if you live alone.
A Sonos rep told Wired: “looking into this more, but what you are referencing is a misconfiguration of a user’s network that impacts a very small number of customers that may have exposed their device to a public network. We do not recommend this type of set-up for our customers.”
The good news is the hack only affects a small number of users. The researchers claim roughly 2,000 to 5,000 Sonos speakers are affected and only 500 Bose units, and there’s already a patch available for Sonos users you’ve just got to fire up the app to get it (if you haven’t already).