This week at the Black Hat USA security conference, NCC Group revealed its latest research into the safety and security of consumer connectable products, sharing details of vulnerabilities researchers found in a range of Sonos smart speakers.
The vulnerabilities, which have since been patched by Sonos, exposed weaknesses in vital components of the devices that could enable attackers to circumvent security controls and covertly record all audio present.
NCC Group has also published a whitepaper documenting the research, detailing how each vulnerability affects different vital components of the devices, highlighting the need for improved security techniques and strategies for both the device vendor and their respective Original Equipment Manufacturers (OEMs).
Researchers uncovered:
- A remote over the-air (WiFi) attack on Sonos One devices, which could have been used to enable covert recording of all audio within the physical vicinity of the speaker, demonstrating how a remote attacker could eavesdrop on Sonos customers.
- Weaknesses identified within the Sonos Era-100 secure boot implementation, which could have been used to tamper with the integrity of Sonos devices.
Robert Herrera, Senior Consultant, NCC Group commented:
“Our research highlights the extensive attack surface an attacker could have exploited to gain control or access sensitive information of a popular consumer device.”
“'Improving the overall security of connected appliances requires continuous improvement in security techniques and collaboration between device vendors and OEMs to safeguard assets and consumer privacy in the face of evolving cyber threats.”
In an investigation by UK consumer body, Which?, NCC Group supported with research that found that a home filled with smart devices could be exposed to more than 12,000 hacking or unknown scanning attacks in a single week highlighting an urgent need for better security across connected devices.
Disclosure
NCC Group disclosed bug details and highlighted potential mitigation approaches to Sonos, coordinating the release of information and mitigation before issuing research publicly.
The research team released a whitepaper detailing the findings to coincide with their Black Hat presentation, which you can find here.
Previous research: Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call | NCC Group Research Blog | Making the world safer and more secure
Contact
NCC Group Press Office
All media enquires relating to NCC Group plc.