Sonos and Bose speakers could enable hackers to identify access points via which they might infiltrate companies to steal information, says Trend Micro.
Security researchers have warned that internet-connected smart speakers could expose valuable information about corporate network access points to hackers.
In a recent blog post, Trend Micro senior threat researcher Stephen Hilt warns that hackers could use IoT search website Shodan to find internet-facing smart speakers, such as ones from Sonos and Bose, that could act as useful gateways to corporate information. In his research, Hilt discovered around 4,000 to 5,000 exposed Sonos speakers as well as hundreds of Bose speakers.
“The first glaring finding was access to email addresses that are linked to music streaming services synced with the device. Another was access to a list of devices as well as shared folders that were on the same network as the test device”, he writes.
“We also got BSSID information [a type of wireless access point address] that, paired with an existing API that queries specific BSSIDs, gave us the approximate location of access points used by the test unit. And lastly, we were able to see the device’s activities, such as current songs being played, control the device remotely, as well as play music through URI paths.”
Open to snoopers?
This doesn’t just mean that hackers could take control of smart speakers, but also that they could access data on devices sharing the same network as the speakers. That is a very worrying prospect for businesses that have these speakers dotted around offices, warehouses and factories.
“In a workplace scenario, an exposed device which identifies and lists down other IoT devices connected to the same network can give an attacker plenty of information to work on,” Hilt writes. “Bad actors could find machines such as printers with existing vulnerabilities and use that to gather further information or as an entry point.”
In a domestic setting, Hilt goes on to warn, hackers might monitor the wireless access points (WAPs) the device tries to reach in order to locate a user and work out when they are away from home, so as to carry out a robbery. Hackers could also send tailored emails to the accounts tied to the music streaming applications; such an email could carry a fake message from the manufacturer along with a link that downloads malware instead of a software update.
More safety precautions needed
“While IoT devices are connected to the internet, they should never be exposed. In the case of the test device, manufacturers should make sure that ports connecting to the devices cannot be accessed directly from the internet. Manufacturers should also secure data that’s being stored or compiled by these IoT devices and conduct security audits – including regularly reading public forums discussing their products,” said Hilt.
He added that consumers and enterprise IT administrators should not rely entirely on manufacturers to do all the heavy lifting. “Users should check their routers for rules that might provide outside access to devices and folders on the network. If access is needed, it should be limited to as few devices as possible. They should enable password protection on all devices if possible and replace default passwords immediately with stronger ones,” said Hilt.
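The router check Hilt recommends can be turned into a repeatable audit. The script below is an added example, not code from Trend Micro or from this article: it assumes a constructed CSV-style export of port-forwarding rules and a constructed inventory of LAN addresses belonging to IoT devices (speakers, a printer), and flags any rule that makes one of those devices, or any LAN host, reachable from a broad range of internet addresses. Real routers export rules in their own formats, so `parse_rules()` would need adapting to yours.

```python
"""Audit router port-forwarding rules for rules that expose LAN devices to the internet.

Added example, not the article's or Trend Micro's code. The rule format, the
sample rules and the host inventory are all constructed for illustration.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class ForwardRule:
    name: str
    external_port: int
    internal_host: str
    internal_port: int
    protocol: str
    source: ipaddress.IPv4Network  # WAN addresses allowed to use this rule


# Constructed inventory: LAN devices that should never face the internet directly.
IOT_HOSTS = {
    "192.168.1.50": "speaker-office",
    "192.168.1.51": "speaker-warehouse",
    "192.168.1.60": "printer",
}

# Constructed rule export: name,external_port,internal_host,internal_port,protocol,source
SAMPLE_RULES = """\
# name,external_port,internal_host,internal_port,protocol,source
speaker-remote,8080,192.168.1.50,80,tcp,0.0.0.0/0
printer-cloud,9100,192.168.1.60,9100,tcp,0.0.0.0/0
vpn-admin,2222,192.168.1.10,22,tcp,203.0.113.7/32
nas-share,445,192.168.1.20,445,tcp,0.0.0.0/0
"""


def parse_rules(text: str) -> list[ForwardRule]:
    """Parse the constructed CSV-style export; blank lines and '#' comments are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, ext, host, intp, proto, src = (f.strip() for f in line.split(","))
        rules.append(ForwardRule(name, int(ext), host, int(intp), proto.lower(),
                                 ipaddress.ip_network(src, strict=False)))
    return rules


def audit(rules: list[ForwardRule], iot_hosts: dict[str, str]) -> list[tuple[str, str, str]]:
    """Return (severity, rule name, reason) for every rule that exposes a LAN host.

    A source narrower than /24 is treated as a deliberate allow-list; anything
    wider counts as 'broad' (0.0.0.0/0 means the whole internet).
    """
    findings = []
    for r in rules:
        broad = r.source.prefixlen < 24
        if r.internal_host in iot_hosts:
            # An IoT device reachable from outside at all is worth a look; from
            # a broad source it is the scenario the research describes.
            severity = "high" if broad else "medium"
            reason = (f"IoT device {iot_hosts[r.internal_host]} port "
                      f"{r.internal_port}/{r.protocol} reachable from {r.source}")
        elif broad:
            severity = "medium"
            reason = (f"LAN host {r.internal_host} port "
                      f"{r.internal_port}/{r.protocol} open to {r.source}")
        else:
            continue  # non-IoT host behind a tight source allow-list: leave it
        findings.append((severity, r.name, reason))
    return findings


if __name__ == "__main__":
    for severity, name, reason in audit(parse_rules(SAMPLE_RULES), IOT_HOSTS):
        print(f"[{severity.upper():6}] {name}: {reason}")
```

Run against the constructed export it reports the two speaker and printer forwards as high severity and the file-share forward as medium, while the SSH rule restricted to a single source address is left alone; feeding it your own router's rules is the point of the exercise.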