Call us Toll Free (USA): 1-833-844-9468     International: +1-603-280-4451 M-F 8am to 6pm EST

Black Hat USA 2024: NCC Group Reveals Research on Sonos Devices That Could Have Allowed an Attacker to Compromise, Eavesdrop and Record Conversations

This week at the Black Hat USA hacker conference, NCC Group revealed its latest research into the safety and security of consumer connectable products, sharing details of vulnerabilities researchers found in a range of Sonos smart speakers.

The vulnerabilities, which have been patched by Sonos, exposed weaknesses in vital components of the devices that could enable attackers to circumvent security controls and covertly record all audio present.

NCC Group has also published a whitepaper documenting the research, detailing how each vulnerability affects different vital components of the devices, highlighting the need for improved security techniques and strategies for both the device vendor and their respective Original Equipment Manufacturers (OEMs).

Researchers uncovered:

  • A remote over the-air (WiFi) attack on Sonos One devices, which could have been used to enable covert recording of all audio within the physical vicinity of the speaker, demonstrating how a remote attacker could eavesdrop on Sonos customers.
  • Weaknesses identified within the Sonos Era-100 secure boot implementation, which could have been used to tamper with the integrity of Sonos devices.

Robert Herrera, senior consultant, NCC Group commented: “Our research highlights the extensive attack surface an attacker could have exploited to gain control or access sensitive information of a popular consumer device.”

“Improving the overall security of connected appliances requires continuous improvement in security techniques and collaboration between device vendors and OEMs to safeguard assets and consumer privacy in the face of evolving cyber threats.”

In an investigation by UK consumer body, Which?, NCC Group supported with research that found that a home filled with smart devices could be exposed to more than 12,000 hacking or unknown scanning attacks in a single week highlighting an urgent need for better security across connected devices.

Disclosure

NCC Group disclosed bug details and highlighted potential mitigation approaches to Sonos, coordinating the release of information and mitigation before issuing research publicly.

The research team, Alexander Plaskett and Robert Herrera, released a whitepaper detailing the findings to coincide with their Black Hat presentation, which you can find here.

Link to previous research: Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call | NCC Group Research Blog | Making the world safer and more secure

black-hat-usa-2024-ncc-group-reveals-research-on-sonos-devices-that-could-have-allowed-an-attacker-to-compromise-eavesdrop-and-record-conversations
Press Release by NCC Group

Media Contact

Amanda Schweitzer

13th Anniversary Global InfoSec Awards for 2025 now open for super early bird packages! Winners Announced during RSAC 2025...

X