- How many people are considering moving away from SONOS due to the lack of an official response from SONOS on the SMB 1 security issue?
- I have been a long time supporter of SONOS and am dismayed at their lack of response at the many threads on the SMB1 security issues.
- I use a NAS to my music with SONOS and this was one of the primary reasons for my first purchase when they first introduced the product to the market.
- I had already started upgrading my SONOS equipment to support S2 but have halted all purchases until I get an official response to the SMB1 issue.
- I have sent an E-Mail to the SONOS CEO requesting an official response and will update this thread when I get a response to my E-Mail.
SMB1 Security Issue - LACK OF RESPONSE FROM SONOS
It’s almost reassuring that Sonos will tackle the SMB1 issue (finally!) - almost because we have no committed date yet.
Here’s a thought though….if Sonos have such little regard for the security of your home network, then what sort of regard do you think they have over your data that they hold?
They either haven’t grasped the issue and the risk they are imposing on their customers...or they just don’t care (I think it’s probably the latter…….)
You’ve clearly got an axe to grind. If you know exactly what needs to be done and how, why don’t you offer Sonos your technical services?
- You might be happy to sacrifice your home security to support your aging systems….I however would prefer not to. I’m more than happy to see obsolete systems bricked if it means having a more secure system,
Yes of course you are
Sonos are more than capable of reaching out to me, if they choose to do so….
Yes I do have an axe to grind here, and a responsibility too. I’m both a customer and a cyber security expert. They should be making products and providing services that protect their customers, not ignoring gaping security holes. It begs the question that if they’re ignoring this then what else are they ignoring?
Look I see you’re a big Sonos fanboi, so I don’t expect you to be bothered by this, although I recommend you should be.
Hey
Sotiris C. Are you looking at ending the 65k limit too?
I will forward this as a feature request to our development team.
I’m not considering moving away from Sonos - I have a NAS that just has my modest music library stored on it and the fact it’s inside a (hopefully) secure monitored home network, I’m not too bothered by the SMB-1 vulnerability. My understanding is that the benefit of SMB-2, or higher, is that the music files traverse the network encrypted, rather than unencrypted, and so can presently be read and/or possibly diverted to a hacker that manages to breach my network in the first place. Seems like a lot of effort just to listen to a few songs?
I’m not going to lose sleep over that and I’m quite sure there are many vulnerabilities around us all, both known and perhaps unknown, that can likely be far worse. I do many things of course to keep the entire network perimeter secure and have things guarding the inside and monitoring the WAN traffic too, looking for intruders and trying to do my level best to keep things safe. This issue certainly isn't going to cause me to move away from my home sound system.
I’m quite sure there’s lots of other types of hacking to worry about, but I’m certainly not going to let the scaremongering around SMB change anything here. I’ve been using the music library for years and will no doubt continue to do so, as my now-old NAS will unlikely support the upgraded version of the protocol anyway.
I’m not moving away from Sonos because of this, but I would like to see it repaired - including a solution for the 64k limit. In this respect I expected more from the much hyped S2 software……
GOOD NEWS:
I just received an E-Mail response from SONOS to one that I sent to the CEO.
S2 supporting SMB 2 and 3 will definitely happen, so I don't think there's an issue with you letting the community know. It's just the time line that isn't set, so there's no set date.
Well finally some positive news on this. We know the One SL already has the updated SMB stack, but sadly it is buggy right now. Has anyone tried SMBv2 with a One SL? Maybe that works already. (For an accurate test you would need to power down everything that isn’t a One SL and do a Library Scan).
Might be fun to run some network probes against the newest Sonos gear too, see if they can return any OS info that points to changes from older gear.
Great news. Would this also mean an end to the 65k limit? Or are these two things not connected?
A lot of the limits on Sonos internal data/storage could be relaxed in S2, much of it wouldn’t even require a newer kernel.
It would take programmer time and testing which are expensive so Sonos is only likely to do stuff that are popular requests.
I’m coming very late to this, as when I first stumbled upon the SMBv1 issue some time ago I just set my SAN to support SMBv1 and didn’t really worry about it, but the issue recurred after updating to Windows 11, and in resolving it the second time I came across this link from Synology, who manufacture my SAN, about how to enable SMB just for a specific IP address range (i.e. devices on your LAN) - in case any of the rest of you likewise have a Synology SAN, thought I’d share the link, as it seems to allow both SONOS S1 *and* reasonable security w/out the hassle of configuring a RPi or equivalent as a music server. https://www.synology.com/en-us/security/advisory/Precaution_for_a_PotentialSMBVulnerability
One solution is to change your router for one with a USB port. I have a BT router and I have a 2TB hard drive with nothing but my FLAC music library on it plugged into it. I had to enable smbv1 on my PC to map the drive and then disabled it afterwards. If I want to add new FLAC files to my library, I just disconnect it from the router, transfer them across on my PC and then plug it back in and rescan the library.
I know this doesn't solve the OP's problem, I'm just offering an alternative solution. It's the best thing I've done Sonos wise. The noise from my NAS was annoying and the HDD which is powered by its USB connection runs silently, sleeps after 20 minutes of inaction and wakes up again within a couple of seconds when called into action again!
Note, however, that S1 devices do not have the capability to use anything higher than version 1 of SMB; it does require S2 to use SMB v2 and SMB v3.
It’s almost reassuring that Sonos will tackle the SMB1 issue (finally!) - almost because we have no committed date yet.
Here’s a thought though….if Sonos have such little regard for the security of your home network, then what sort of regard do you think they have over your data that they hold?
They either haven’t grasped the issue and the risk they are imposing on their customers...or they just don’t care (I think it’s probably the latter…….)
no committed date but already works fine for me as stated here