Access to these resources requires secure sharing of credentials.

First thing I noticed after configuring a share location is that the credentials used to gain access to the share (SMB) are transferred to the Sonos device in clear text (HTTP) and are consequently subject to potential MITM attacks.

Another important part of the same HTTP (SOAP) call shown in the Wireshark trace below is that my share username/password are somehow encrypted.

The macOS Sonos Desktop Controller has the ability to add a new music library in multiple ways such as the use of an (SMB) network share, or a folder on the user’s system.

Introduction the SMB network share option

At least, I think that should be every nerdy business owner’s dream. or in better words: be part(!) of a crew that outsmarts me in all technical directions. Hipster voices yelling from the back: "what the hell is taking you so long, use Frida dude!" If you are still reading this, try to be very happy that I am not going through all details of multiple pranks that eventually made me fall in love with Frida. This part of the journey is how I got introduced to hipster reverse tools ( Achievement unlocked

Before we start getting into the details of several Sonos vulnerabilities it is important to note that Securify has (too) many #infosec hipsters, shout out to #DoubleDipper ( and #OsdorpHotBoy ( These two gentlemen are very eager to tell me that I am doing it all wrong and to stop messing around with the wrong tools.

In addition, Sonos Desktop Controller for Windows contains vulnerabilities that allow a malicious user or malware to share any file on the system. When these credentials are captured by a suitably positioned attacker (MiTM) on the network (for example open WiFi) they can be decrypted by enrolling to the same Sonos device as the victim (Sonos devices have no access control capabilities).
Before the credentials are shared by the Desktop Controller they are first encrypted (insecurely) and then sent over an insecure connection (HTTP). In order for the Sonos device to gain remote access to these music resources the network share credentials must be shared and stored on the Sonos device. Sonos Desktop Controller for Windows and MacOSX has the ability to add remote music libraries to a Sonos device by providing credentials of a network share (for example NAS) containing music or local folders on the user’s system.

Sonos has released a fix (v10.1) for Sonos Desktop Controller (Windows and Mac OSX) on April 3rd, 2019.

#TL DR

Older versions of the Desktop Controller app are also affected.

Sonos Desktop Controller for Windows version 10.0 build 48261220.

Sonos Desktop Controller for macOS version 10.0 build 48261220.

Frida without reversing is a bunch of nothing I guess.

Introduction the SMB network share option.

If you have a Sonos Music System, and own a Mac, then you need to get this app. The interface is very intuitive and is a joy to use. The Sonos for Mac app allows you to remotely control your Sonos Music System with a sleek look, fast search features, high quality streaming, and adaptive volume control.

Just tap the Info View icon and select 'Share.' Share your status or send an email or text.

Share: Tell your friends what you’re listening to on Sonos.

Select specific Sonos players or rooms to set volume, duration and more.

Alarm: Schedule your system to play any of your music sources at a specific time.

Find the latest and greatest free, trial and paid music streaming services you love.

Add music services: Search across services to access all the music on earth.