{"id":166823,"date":"2024-08-10T00:00:55","date_gmt":"2024-08-10T00:00:55","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=166823"},"modified":"2024-08-10T00:00:57","modified_gmt":"2024-08-10T00:00:57","slug":"sonos-smart-speakers-flaw","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/166823\/hacking\/sonos-smart-speakers-flaw.html","title":{"rendered":"Sonos smart speakers flaw allowed to eavesdrop on users"},"content":{"rendered":"
<\/div>\n
NCC Group discovered vulnerabilities in Sonos smart speakers, including a flaw that could have allowed attackers to eavesdrop on users.<\/h2>\n\n\n\n
Researchers from NCC Group have discovered multiple vulnerabilities in Sonos smart speakers, including a flaw, tracked as CVE-2023-50809, that could have allowed eavesdropping on users.<\/p>\n\n\n\n
The researchers disclosed the vulnerabilities at the Black Hat USA 2024 conference.<\/p>\n\n\n\n
An attacker within Wi-Fi range of the targeted Sonos smart speaker can exploit CVE-2023-50809 to achieve remote code execution and take over the device.<\/p>\n\n\n\n
The flaw resides in the device’s wireless driver, which fails to properly validate an information element while negotiating a WPA2 four-way handshake.<\/p>\n\n\n\n
Successfully exploiting this flaw can allow attackers to record audio and exfiltrate it to the attacker\u2019s server.<\/p>\n\n\n\n