SMB1 Security Issue - LACK OF RESPONSE FROM SONOS

  • 15 August 2021
  • 40 replies
  • 6566 views

Userlevel 4
Badge +6
  1. How many people are considering moving away from SONOS due to the lack of an official response from SONOS on the SMB 1 security issue?
  2. I have been a long time supporter of SONOS and am dismayed at their lack of response to the many threads on the SMB1 security issues.
  3. I use a NAS for my music with SONOS and this was one of the primary reasons for my first purchase when they first introduced the product to the market.
  4. I had already started upgrading my SONOS equipment to support S2 but have halted all purchases until I get an official response to the SMB1 issue.
  5. I have sent an E-Mail to the SONOS CEO requesting an official response and will update this thread when I get a response to my E-Mail.



Userlevel 4
Badge +6

GOOD NEWS:

I just received an E-Mail response from SONOS to one that I sent to the CEO.

S2 supporting SMB 2 and 3 will definitely happen, so I don't think there's an issue with you letting the community know. It's just the time line that isn't set, so there's no set date.

He was hopeful that this might happen by the end of the year.

The E-Mail came from Matthew G “SONOS Supervisor Customer Care”

Userlevel 7
Badge +21

For me this is great news, not because I need the SMB upgrade; like Ken I have a sacrificial Raspberry Pi.

However, the fact that Sonos is going to resolve this issue means they are still committed to supporting local music libraries, which is a relief. And who knows, maybe there will be a voice assistant which maybe could select music from local libraries?

Userlevel 7
Badge +23

@Sotiris C. Are you looking at ending the 65k limit too?

The 64k limit is a tricky one. While the move to S2 means the devices now have the memory and storage for a much larger database, the way IDs and enumeration work is with a DWORD, i.e. a pair of WORDs. Those WORDs are the item index, and of course are limited to 64k. To fix this the DWORDs used on every single playable item would have to be widened to QWORDs throughout the code (so they can store a pair of DWORDs), and much of the Sonos hardware is 32-bit so the overhead in the compiled code is going to be notable. It’s also a wire-protocol change for the UPnP API (something that hasn’t happened in a decade).

It should be trivial to increase the overall size limitations of the music database (thanks to the increase in storage), but breaking the actual 64k track limit is a notable engineering task. I’m not going to hold my breath.
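The arithmetic behind the ceiling described above, as an added illustration that is not part of the original thread and not Sonos code: `pack_id` builds a fixed-width id from two halves (two WORDs in a DWORD, or two DWORDs in a QWORD when `half_bits` is 32), and `enumerate_library` shows where a single-container enumeration stops and how many bytes each id would occupy in a binary wire field. The container/item split, the single-container library and the big-endian field layout are assumptions made for the example.

```python
import struct

WORD_BITS = 16   # one WORD: the per-item index width in the DWORD scheme
DWORD_BITS = 32  # one DWORD: the index width once ids are widened to QWORDs


def pack_id(container: int, item: int, half_bits: int = WORD_BITS) -> int:
    """Combine two indices into one fixed-width id.

    With half_bits=16 this is the DWORD scheme: the upper WORD is the
    container index, the lower WORD the item index, so neither half can
    count past 2**16 - 1 = 65535.  With half_bits=32 the id is a QWORD
    made of two DWORDs.  (Assumed layout, chosen for the illustration.)
    """
    limit = (1 << half_bits) - 1
    if not (0 <= container <= limit and 0 <= item <= limit):
        raise OverflowError(f"index must fit in {half_bits} bits (max {limit})")
    return (container << half_bits) | item


def unpack_id(packed: int, half_bits: int = WORD_BITS) -> tuple:
    """Inverse of pack_id: (container, item)."""
    return packed >> half_bits, packed & ((1 << half_bits) - 1)


def enumerate_library(n_tracks: int, half_bits: int = WORD_BITS) -> dict:
    """Assign an id to every track of a single-container library.

    Returns how many ids were assigned, the size in bytes of one id in a
    big-endian binary field, and the index at which enumeration overflowed
    (None if every track received an id).
    """
    assigned, overflow_at = 0, None
    for item in range(n_tracks):
        try:
            pack_id(0, item, half_bits)
        except OverflowError:
            overflow_at = item
            break
        assigned += 1
    fmt = ">I" if half_bits == WORD_BITS else ">Q"  # 4-byte DWORD or 8-byte QWORD
    return {"assigned": assigned, "id_bytes": struct.calcsize(fmt), "overflow_at": overflow_at}


if __name__ == "__main__":
    print("DWORD ids:", enumerate_library(70_000))
    print("QWORD ids:", enumerate_library(70_000, half_bits=DWORD_BITS))
```

Running it shows the DWORD scheme handing out exactly 65536 ids before the item WORD overflows, while the QWORD scheme takes all 70000 tracks at the cost of doubling every id on the wire from 4 to 8 bytes, which is the protocol change the post refers to.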

Userlevel 7
Badge +22

If you go back and look at past posts on SMB v1 you will see that if Sonos does move to fix it, it will only be for S2 and the Sonos devices that have the internal memory needed to support the newer Linux kernel and the newer Samba software.

That is going to be a major project, lots of details are available in past posts too.

My bottom line is that the SMB v1 issue can be easily worked around and doesn’t require you to set your NAS to insecure settings or expose your data to SMB v1 related security risks.

I’m just not dumping my house full of Sonos gear when a $35 Canakit Raspberry Pi Zero W kit will fix the problem with a few minutes of setup effort. Cheaper if you don’t need the full kit too.

Pi Setup guide: https://stan-miller.livejournal.com/357.html

Canakit Pi: https://www.amazon.com/CanaKit-Raspberry-Wireless-Complete-Starter/dp/B07CMVDHWB/ref=sr_1_8


You can also just make a dedicated Pi NAS for Sonos by adding an external drive:

https://stan-miller.livejournal.com/650.html

Userlevel 7
Badge +23

Great news. Would this also mean an end to the 65k limit? Or are these two things not connected?


Not directly connected, no, but if they are going to crack open local library support anyway then that would be the time to update the file database code as well. We know that S2 devices have a ton more flash and memory, which was one of the problems with fixing it in S1.

It would give more incentive for folks to move to S2 as well.

Userlevel 7
Badge +22

Well I just lost 45 minutes of a long post with the version details from the nmap program, most of the time spent sanitizing personal info from the scans. <word the admins would have to remove!>

What I can recover:

Play 1:

Running: Linux 3.X

OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.2 - 3.16


Arc and One SL

Running: Linux 3.X|4.X

OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9

Be interesting to see these lines from other Sonos kit, particularly Legacy / S1 stuff.


Command:  sudo nmap -A -v -O -sV 172.16.1.122

Since I made a backup of this post it is sure to go with no problems. :-(

Userlevel 7
Badge +21

Just buy a cheap NAS for storing your Sonos library only. If you have an old hard drive you could use that. Will work out far cheaper.

Have a look at the competition too, it may suit you, but don’t expect many of them to be working in 10 years time.

I’m coming very late to this, as when I first stumbled upon the SMBv1 issue some time ago I just set my SAN to support SMBv1 and didn’t really worry about it, but the issue recurred after updating to Windows 11, and in resolving it the second time I came across this link from Synology, who manufacture my SAN, about how to enable SMB just for a specific IP address range (i.e. devices on your LAN). In case any of the rest of you likewise have a Synology SAN I thought I’d share the link, as it seems to allow both SONOS S1 *and* reasonable security w/out the hassle of configuring a RPi or equivalent as a music server. https://www.synology.com/en-us/security/advisory/Precaution_for_a_PotentialSMBVulnerability


Sonos has supported SMB v2 and v3 for months.

Userlevel 7
Badge +23

Maybe the Admins can lock this thread now? Bruce’s last reply is accurate, succinct and covers the issue entirely.

Userlevel 7
Badge +22

I’d say it is more likely you haven’t grasped the complexity of the SMB version upgrade issue. It is not a simple swap but requires a massive re-do of the entire Sonos software stack as well as lots of hardware that would need to be replaced.

Go back to 2006 or so and look at some of the older discussions on what would be needed on the hardware and software sides of the issue.

Sonos has been taking hits on this since back then, if it was possible they’d have done this long ago to silence the critics.

Do I want SMB 3 or better yet NFS? Yes.

Am I willing to see all my older Sonos gear become worthless paperweights to get it? No.

The S1 / S2 split is as good as it ever is going to get, the S1 gear is just too limited in memory.

I don’t think YOU’VE grasped the issue here……

  • It’s now 2021, not 2006 - they’ve had 15 years to consider this
  • Redo the ENTIRE software stack? Really? Haven’t they had plenty of time to add this to a release train? Maybe at the time of developing S2? After all the community have been asking for this for a very long time….
  • In 2006 Sonos was pretty much the only show, now there is far more competition. I put it to you that they, like most companies, probably didn’t care about security of their systems back then (maybe they’re waking up to it now...). Perhaps they still don’t care (I believe they don't) - remember the “Recycle Mode” fiasco? They only started to care when it backfired on them.
  • You might be happy to sacrifice your home security to support your aging systems….I however would prefer not to. I’m more than happy to see obsolete systems bricked if it means having a more secure system.
  • I don’t get what your final comment about the “S1 / S2 split is as good as it ever is going to get” means; are you saying S2 supports SMB 2/3? Have I missed an important setting here?

Userlevel 7
Badge +22

No problem with ax grinding, just sucks a bit when you completely fail to understand the issue, even when given (admittedly somewhat minimal) assistance in finding the details.

At this point your posts are basically ranting about things you have failed to understand.

[quote]Haven’t they had plenty of time to add this to a release train?[/quote]

Seriously how in the world should Sonos add memory to the old players with a software update?

I guess they could re-write the Linux kernel and the Samba code trimming non-essential bits but that is kinda a big job and then they must maintain both forks on their own. Not practical, but at least it is not impossible as the “add memory” option is.

[quote]I don’t get what your final comment about the “S1 / S2 split is as good as it ever is going to get”  are you saying S2 supports SMB 2/3?  Have I missed an important setting here?[/quote]

Yes. The S1 / S2 split is all about keeping the old S1 gear working as is, while splitting off the more capable S2 gear into a new branch that has the memory space to allow enhancements.

I’m saying the S2 level gear has the memory to support the newer Linux kernel and Samba code needed to enable newer versions of SMB. Not that it is coming soon though.

You could go back either here or in other embedded systems discussions and look at the difficulties, costs and time needed to move an existing hardware platform running a forked and privately patched kernel to a current kernel that includes any of the patches required by the platform.

[quote]You might be happy to sacrifice your home security to support your aging systems….I however would prefer not to.[/quote]

Why in the world would I do something like that when it only takes a few minutes and under $50 to install a NAS to SMB v1 gateway eliminating the security issue?

Userlevel 7
Badge +17

And, just to clarify, if you do not let Sonos connect to your NAS to play your music (a function that is for many also hampered by the 65k limit), but use a computer or Plex, there is no security risk.

Userlevel 7
Badge +23

[quote]And, just to clarify, if you do not let Sonos connect to your NAS to play your music (a function that is for many also hampered by the 65k limit), but use a computer or Plex, there is no security risk.[/quote]

Or use a PC or a Mac.


Userlevel 7
Badge +14

Hey everyone, I’m happy to announce that thanks to the introduction of our S2 platform, we've now added support for SMBv3. Sonos S2 devices will use the highest version of SMB supported by your NAS device. To access this update, you may need to manually change the configuration of your NAS device.

Userlevel 7
Badge +18

Hey @106rallye,

[quote]Sotiris C. Are you looking at ending the 65k limit too?[/quote]

I will forward this as a feature request to our development team.

For the 82nd time in many years…

:rolling_eyes:

I’m not moving away from Sonos because of this, but I would like to see it repaired - including a solution for the 64k limit. In this respect I expected more from the much hyped S2 software……

@Ken_Griffiths At this moment I do not have the time to investigate, but are you sure you represent the dangers of SMBv1 right? I seem to remember SMBv1 is also possibly opening up your system to viruses.

If you can show me the evidence to the contrary I will happily stand corrected @106rallye, but my SMB traffic is restricted to transfer of my music inside my secure network - so to intercept it, someone has to first breach the perimeter anyway - my access to the internet is via a third party (paid) monitoring service - my emails are scanned separately before I receive them (paid service too) and like everyone I try to do my level best (within my own knowledge) to stay secure.

I guess anything, or everything, is hackable given time, but I try to apply a bit of common sense. I’m sure even ‘old’ hardware devices on anyone’s network are just as easily hackable too and by old, I mean anything perhaps over 12 months old, as that most probably provides enough time for its vulnerabilities to come to light.

The router Superhub-2 from the ISP provider VirginMedia in the U.K. was recently reported as being hacked, just as an example … but many folk are likely still using that device without addressing its recently identified vulnerability. So if that was my router (it isn’t by the way) I would rush to sort the issue ASAP, but the SMB vulnerability is not one I see as being that urgent… if the hacker can get into my secure network to begin to exploit it, then in my book my security will have already failed anyway.

The SMB issue is certainly not going to turn me away from Sonos, that’s for sure.

Userlevel 4
Badge +6

I will try to run NMAP on some of my SONOS equipment to provide some additional details. I still have three Generation 1 Play 5’s that cannot be updated to S2.

[quote]GOOD NEWS:

I just received an E-Mail response from SONOS to one that I sent to the CEO.

S2 supporting SMB 2 and 3 will definitely happen, so I don't think there's an issue with you letting the community know. It's just the time line that isn't set, so there's no set date.

He was hopeful that this might happen by the end of the year.

The E-Mail came from Matthew G “SONOS Supervisor Customer Care”[/quote]

+1

I am the happy owner of an old setup still running S1 (I have a Sonos Connect to feed my HiFi system) and I am using both streaming from online services and my local library (on a NAS).

Recently my girlfriend had an issue with her new MacBook that required updating the minimum SMB version on the NAS to SMB2. Then I realized that the Sonos products couldn't access my local library anymore (stored on the same NAS).

So far I have resisted the incentive to move to S2 since my setup was working perfectly (and I was several times upset about the pushy behavior of the app, but that's another story...). Nonetheless, I understand that 10+ year old products may not be upgradable to run “new” protocols and would consider upgrading my Connect to run S2 if it would allow me to use SMB2/3.

If not, I am not sure what I would do… The RPi solution seems doable, but honestly, given the price tag of Sonos products, I think it shouldn't be required to fiddle with that kind of stuff. I haven’t looked into competition solutions yet, but I probably would.

I’m looking forward to further news from Sonos on this topic.

Userlevel 7
Badge +22

Cheap NAS is a solution BUT don’t get screwed like I did by WD, they sold me a MyBook Live and quickly stopped offering security updates making it risky to keep on-line. Then there were the RF noise issues, placing within a couple feet of a WiFi device would knock it off line.

The Pi SMB v1 gateway is the cheap solution if you have your music on a NAS already. Very low maintenance, just a few security updates needed if you pick the bare-bones Pi OS.

A Pi SMB v1 server isn’t much more expensive and can use a salvaged hard drive and $10 USB-SATA cable.

Either one of these can be hosted on any SMB v1 capable machine, the same instructions apply.

Many folks are finding switching to the Mac or Windows non-SMB server option is their best option.


What Sonos did that made this mess is what almost every other embedded computer manufacturer did, cheaped out on RAM and ROM, limiting expansion. What Sonos has done differently than any other manufacturer I own gear from is to keep as much old gear usable as possible. Then they throw in the upgrade and trade options that nobody else I use has ever offered.

Many thanks for the answers. Indeed a cheap NAS would be an option, but I live in a small flat and try to avoid piling up unnecessary devices. The Pi SMB gateway would work too, especially as I already own one… So I will probably go for that.

> Many folks are finding switching to the Mac or Windows non-SMB server option is their best option.

Could you be more specific? What alternatives do you suggest?

Userlevel 7
Badge +22

Only ones I’m aware of are the Sonos software packages for the Mac or Windows.

https://support.sonos.com/s/downloads?language=en_US

[quote]Only ones I’m aware of are the Sonos software packages for the Mac or Windows.

https://support.sonos.com/s/downloads?language=en_US[/quote]

I see, thanks.

By the way, I was able to setup my Raspberry Pi to serve the NAS files using SMBv1 thanks to your tutorial, so thanks for that too!

Enabling smbv1 on a NAS is a security risk. smbv2 came out in 2006. It’s a drop in protocol, you don’t have to write it yourself. S2 was no improvement on S1 and in fact the UI of v1 is friendlier. I would like to go back but my s/o updated and now I can’t. wtfbbq, there is no real excuse for having to enable an insecure protocol 15 years after a secure one was released.

It may be a drop in protocol, but that assumes that you have space in the memory of the device to increase the size of the kernel. One presumes that Sonos did not have the available memory to update the kernel. They have, however, indicated that it is being worked on for S2, which does run on devices that have larger memory footprints.