topic Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users in Threats https://community.isc2.org/t5/Threats/Sonos-Speaker-Flaws-Could-Have-Let-Remote-Hackers-Eavesdrop-on/m-p/73021#M1345 <P>Hi All</P><P>&nbsp;</P><P>Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.</P><P>The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being able to compromise several devices over the air," NCC Group security researchers Alex Plaskett and Robert Herrera <A href="https://www.nccgroup.com/us/research-blog/blackhat-usa-2024-listen-up-sonos-over-the-air-remote-kernel-exploitation-and-covert-wiretap/" target="_blank" rel="noopener">said</A>.</P><P>Successful exploitation of one of these flaws could allow a remote attacker to obtain covert audio capture from Sonos devices by means of an over-the-air attack. They <A href="https://www.sonos.com/en-gb/security-advisory-2024-0001" target="_blank" rel="noopener">impact all versions</A> prior to Sonos S2 release 15.9 and Sonos S1 release 11.12, which were shipped in October and November 2023.</P><P>&nbsp;</P><P><A href="https://thehackernews.com/2024/08/new-flaws-in-sonos-smart-speakers-allow.html" target="_blank">https://thehackernews.com/2024/08/new-flaws-in-sonos-smart-speakers-allow.html</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 12 Aug 2024 00:40:22 GMT Caute_cautim 2024-08-12T00:40:22Z Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users https://community.isc2.org/t5/Threats/Sonos-Speaker-Flaws-Could-Have-Let-Remote-Hackers-Eavesdrop-on/m-p/73021#M1345 <P>Hi All</P><P>&nbsp;</P><P>Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users.</P><P>The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being able to compromise several devices over the air," NCC Group security researchers Alex Plaskett and Robert Herrera <A href="https://www.nccgroup.com/us/research-blog/blackhat-usa-2024-listen-up-sonos-over-the-air-remote-kernel-exploitation-and-covert-wiretap/" target="_blank" rel="noopener">said</A>.</P><P>Successful exploitation of one of these flaws could allow a remote attacker to obtain covert audio capture from Sonos devices by means of an over-the-air attack. They <A href="https://www.sonos.com/en-gb/security-advisory-2024-0001" target="_blank" rel="noopener">impact all versions</A> prior to Sonos S2 release 15.9 and Sonos S1 release 11.12, which were shipped in October and November 2023.</P><P>&nbsp;</P><P><A href="https://thehackernews.com/2024/08/new-flaws-in-sonos-smart-speakers-allow.html" target="_blank">https://thehackernews.com/2024/08/new-flaws-in-sonos-smart-speakers-allow.html</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Mon, 12 Aug 2024 00:40:22 GMT https://community.isc2.org/t5/Threats/Sonos-Speaker-Flaws-Could-Have-Let-Remote-Hackers-Eavesdrop-on/m-p/73021#M1345 Caute_cautim 2024-08-12T00:40:22Z