Security issue in Tourism environment using separate wifi networks

  • 22 April 2022

Hello,

 

I am having an issue securing my Sonos speakers in a commercial tourism environment.  I currently have 2 Sonos One speakers and am looking to add about 7 - 10 more speakers to the system.

I have them on their own separate password protected wifi but guests with the Sonos app are still able to find the speakers and screw around with things like volume controls and pairing settings.  We see hundreds of guests a day and have a wine lounge and bar so some guests get antsy with the music after a drink or two.

 

Here is my setup:

 

Running a Ubiquiti Unifi Network with 4 separate wifi networks:

3 are secured networks

1 is a public guest access channel used for guest access (required for marketing, etc). 

Networks are:

Guest (open to internet for guest access, metered, email authenticated)

Music (for Sonos exclusively, secured, not discoverable)

Staff (for staff, connection to server, firewall protected server)

Payment terminal gateway (for credit card machines, etc, third party firewall protected from bank)

 

Running 14 UniFi wifi access points for all winery wifi networks.

For guest wifi access we are running a guest log in portal through Ubiquiti.  Guests have limited internet access, no server access, cannot see or discover anything on the network.

2 - Sonos One SL

 

Last summer we had guests constantly able to get access to the speakers from their own Sonos app and change the volume or song.

I have spent all winter working on different configurations to secure the speakers and then assign someone on our staff to attempt to “hack” it.  Initially the speakers do not appear, but when someone on the guest wifi opens their own Sonos app, they are able to discover them with some searching. They are always able to get to the speaker and able to change the volume or song.  (Note: they are NOT logging in to the Music network to do this.  They are seeing the speakers from the guest wifi.)

I have reviewed my network security about a hundred times. What am I missing? I need a fresh opinion…  I need to make the speakers completely undiscoverable.

Thanks,

Jeff

 

Best answer by John B 22 April 2022, 17:47


Hi. For the guests to be able to control the speakers, their devices must be on the same subnet as your speakers.  Please explain how you have created a ‘separate password protected wifi’.

What do you mean by a ‘WiFi channel’ please?

Sorry, meant to say separate wifi network.  I edited that.

In my unifi network control panel I have created separate wifi networks.

Have you created different networks or just different SSIDs?  The only explanation I can think of for what you describe is that you don’t really have separate networks.  If the controllers are on a different network from the speakers they simply cannot talk to them.

Ahh, music is on the same subnet as guest, not Staff.  Testing...

Ahh, music is on the same subnet as guest, not Staff.  Testing...

I think we may be on to something here…….
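
The diagnosis reached in this thread (separate SSIDs that still map to the same subnet), as an added example that is not part of any poster's message: a Python audit that flags SSID pairs sharing a network and checks whether a client address sits in the same subnet as a speaker. The VLAN IDs, subnets and addresses below are constructed for illustration and are not taken from the thread.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: SSID -> (VLAN ID, subnet). Illustrative values only;
# "Music" deliberately shares the "Guest" network, as found in the thread.
SSIDS = {
    "Guest":   (10, "192.168.10.0/24"),
    "Music":   (10, "192.168.10.0/24"),
    "Staff":   (20, "192.168.20.0/24"),
    "Payment": (30, "192.168.30.0/24"),
}

def shared_segments(ssids):
    """Return sorted SSID pairs that share a VLAN ID or have overlapping subnets."""
    findings = []
    for (a, (vlan_a, net_a)), (b, (vlan_b, net_b)) in combinations(ssids.items(), 2):
        na = ipaddress.ip_network(net_a)
        nb = ipaddress.ip_network(net_b)
        # overlaps() requires the same IP version on both sides.
        overlap = na.version == nb.version and na.overlaps(nb)
        if vlan_a == vlan_b or overlap:
            findings.append(tuple(sorted((a, b))))
    return sorted(findings)

def same_subnet(client_if, speaker_ip):
    """True if speaker_ip lies inside the client's network.

    client_if is the client's address with prefix length, e.g. the
    '192.168.10.57/24' shown in a phone's Wi-Fi details screen.
    """
    network = ipaddress.ip_interface(client_if).network
    return ipaddress.ip_address(speaker_ip) in network

if __name__ == "__main__":
    for a, b in shared_segments(SSIDS):
        print(f"SSIDs {a!r} and {b!r} are on the same network")
    # Constructed guest client and speaker addresses.
    print("guest reaches speaker subnet:",
          same_subnet("192.168.10.57/24", "192.168.10.200"))
```

Comparing the address a device receives on the guest SSID with a speaker's address gives the same answer without access to the controller.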