Misconfigured Networks Vulnerable to PewDiePie Prank


Userlevel 7
Badge +25
  • Community Manager
  • 10657 replies
We've been investigating a small number of households with improperly configured networks, such that Sonos players and other devices become accessible from the Internet, and someone instigated a prank to play a message in support of YouTube star PewDiePie on those systems. 

This prank is not confined to Sonos, and if a network is set up wrong, household devices may be listed on the public internet, including printers, computers, or smart home devices.

For Sonos devices specifically, the prank allowed unauthorized playback of an audio track. In all cases we have investigated so far, customers experiencing this issue had their Sonos systems inadvertently exposed to the internet due to a router misconfiguration.

We encourage all Sonos users to make sure they are following best practices for securing their home networks and to turn on automatic updates. Best practices include securing their home networks with unique passwords on routers and wireless networks, turning on firewalls, and ensuring caution when making internal devices publicly available, such as through port forwarding or another protocol. 

We are supporting customers on an ongoing basis to help configure their home systems. Our customer care team is available to assist anyone who believes they may have been targeted by this prank.

34 replies

Userlevel 7
Badge +20
Any hope this will motivate the developers to give us a username/password for access to our Sonos gear?

And maybe then access to the data that was blocked to protect the stupid users that left their gear open to the world?
Userlevel 7
Badge +21
The joy of making networking easy is that people not knowledgeable in networking can easily make mistakes jeopardizing the security of their devices. You don't need to create a port forward or inbound firewall rule for your Sonos speaker(s). It's not necessary. They need to be able to communicate out to the internet, but the internet doesn't need to communicate in to them.
I had to just unplug all my Sonos speakers, the prank was waking me up all night. I got so frustrated I almost broke one of my speakers! I don’t know how to stop it. Feels like someone keeps breaking in my house! I really don’t know what to do, so I’m using Alexa for my speakers now. The prank is also getting louder.
Userlevel 7
Badge +25
Hi rockhasmoney, I just sent you a private message to follow up.
I've always been an advocate for Sonos until yesterday when both my Sonos Ones got hacked via 'Subscribe to PewDiePie' at FOUR AM. My network is password protected already. This is a huge, huge disappointment and makes me wonder if I should continue to purchase your products.
jsk16 wrote:

I've always been an advocate for Sonos until yesterday when both my Sonos Ones got hacked via 'Subscribe to PewDiePie' at FOUR AM. My network is password protected already. This is a huge, huge disappointment and makes me wonder if I should continue to purchase your products.



The only way you got hacked is if you opened up your network to outside entry. This has nothing to do with your WiFi password.
Or technically, Sonos. I think it's incredibly kind of them to take on the onus of helping you fix your system, as was offered in the post by Ryan S above.
Userlevel 7
Badge +20
I'm curious what drives people to do such foolish things with their networks? There is certainly nothing in the Sonos documentation or manuals to suggest anyone do this.

jsk16 can you give us any information on what inspired you to open your home network (not your WiFi access point) to the world? Did you just do it for your Sonos gear or did you open everything up to outside attack?
I did not do anything to open up my home network. All I did was follow Sonos' instructions to install Sonos Ones...
jsk16 wrote:

I did not do anything to open up my home network. All I did was follow Sonos' instructions to install Sonos Ones...



No router comes standard with the ports wide open to the outside world. You have to manually open it up. Are you running some sort of peer-to-peer bit torrent service ?
I have been a professional programmer for 15 year for what it’s worth. I don’t have any ports open. I also also accept solicited traffic. I had the hack happen to me. I currently have all 5 of my sonos unplugged. Idk how this happened. I have an Ecobee and a not webcams exposed outside (cctv).
I was not contacted today after being told last night via phone help that I would be. My speakers are all sitting unplugged as I await a solution. Although this may not be a Sonos initiated issue, has there been a successful solution presented at this point?
Userlevel 7
Badge +25
Hi @Tetriscodes and @bd1, the solution is to make sure that your Sonos players are behind your router and not being put online on the public internet. In every case I've seen so far, it's because the main router of the house was set up as a bridge or had DHCP disabled. This places your Sonos and all other network devices on the wide-open web. If you're not comfortable with checking your network, you're welcome to give us a call and a technician can give you some advice, or you can give your Internet Service Provider a call and they can assist you with making sure your network is protected.
For my own sanity, I’ve seen it mentioned about port forwarding. I have a port forwarded from my router to RDP on my desktop computer. The port isn’t the default RDP port, and my desktop is password protected. It is the only port opened. Is this going to be a problem? My 25 years of computer and networking experience says no, but my thinking is more old school these days.
BCM wrote:

For my own sanity, I’ve seen it mentioned about port forwarding. I have a port forwarded from my router to RDP on my desktop computer. The port isn’t the default RDP port, and my desktop is password protected. It is the only port opened. Is this going to be a problem?


Not to Sonos, assuming the desktop address is fixed, as it should be for forwarding to work. In any case Ryan's remarked that all the cases seen thus far have been where Sonos devices have been placed outside the router/firewall, on the public internet. TBH it's surprising they worked at all.
Ryan S wrote:

Hi @Tetriscodes and @bd1, the solution is to make sure that your Sonos players are behind your router and not being put online on the public internet. In every case I've seen so far, it's because the main router of the house was set up as a bridge or had DHCP disabled. This places your Sonos and all other network devices on the wide-open web. If you're not comfortable with checking your network, you're welcome to give us a call and a technician can give you some advice, or you can give your Internet Service Provider a call and they can assist you with making sure your network is protected.



I have 5 Sonos. 4 get a private IP from my DHCP being enabled. One keeps giving itself a public IP. It is the only device doing this. My router is not in bridgemode. Thoughts?
Userlevel 4
Badge +18
Has anyone got a technical explanation of how this was done? I found a few articles on it, talking about printers being susceptible as well as Sonos, but I have yet to find a proper breakdown of how the networks were breached. i am guessing that someone managed to use UPnP against routers to open port 1400 to the internet.
Userlevel 7
Badge +25
Tetriscodes wrote:

I have 5 Sonos. 4 get a private IP from my DHCP being enabled. One keeps giving itself a public IP. It is the only device doing this. My router is not in bridgemode. Thoughts?


Check that the router has enough DHCP addresses being distributed total for all devices, and check in the router settings if it has something called DMZ (which is another name for port forwarding), which can individually select devices to assign them public addresses. In the past, I've seen some routers assign DMZ to a device when they shouldn't.
Userlevel 6
Badge +21
My two cents....

In my experience ISP's that supply a modem/router combo unit will allow you to use your own router; but will always place it in bridge mode. Therein lies a major problem for public exposure. I have always opted to demand they allow me to turn off the Wi-Fi portion in their modem/router combo unit which allows me to set my router in router mode. The router IP Configraton Address (not to be confused with the Wi-Fi SSID/Password) is password protected as well.

Also, when setting up a home network one should always make sure it broadcasts as Private behind your router. Here are the IP address sequences as private: https://www.lifewire.com/what-is-a-public-ip-address-2625974

As is explained in the link Public IP Address sequences are 1 to 191. If your devices show an IP Address as such you are open to the public and/or hacking! :@
Ryan S wrote:

Tetriscodes wrote:

I have 5 Sonos. 4 get a private IP from my DHCP being enabled. One keeps giving itself a public IP. It is the only device doing this. My router is not in bridgemode. Thoughts?


Check that the router has enough DHCP addresses being distributed total for all devices, and check in the router settings if it has something called DMZ (which is another name for port forwarding), which can individually select devices to assign them public addresses. In the past, I've seen some routers assign DMZ to a device when they shouldn't.



Thank you. Buried in my router this one device was set to DMZ plus. I couldn’t hit port 1400 from the outside so I’m not entirely sure how they got in. It would be nice if that was secured with some mutualTLS or user pass. I turned off the DMZ plus and rebooted the Sonos and it went back to a private IP. I am wondering how this happened. I’m aware these are sometimes Opt out on some routers but I regularly check to make sure these are shut off. I didn’t physically open them up and I’m at a loss for how it did happen. I hope that all this attack can do is play a song and not run code on my network. Thanks RyanS.
RyanS thank you for your help. ISP router came with Passthrough turned on. Public IP issue fixed. Should have come here first instead of spending way too much time with ISP help line.

Hopefully this is the end of it. Thanks again.
Userlevel 7
Badge +25
Great to hear you're all set!
Networking is so very complex that your average user has no idea how to secure a network. Many will blindly open ports because "that's what they were told to do"
If you really need ports open you need to educate yourself as to what you are doing.
Sonos is not to blame here. This is nothing to do with them.
So if you have been hacked the first thing you should do is unplug your router, not the speakers. Your network is open.
I suggest as standard practice you need to do a factory reset on your router that is your firewall...you do have a firewall? Surprising how many don't. Then upgrade to the latest firmware. If your router is 5+ years old it maybe time to invest in a new one.
Also, never ever turn on upnp unless you absolutely know what you are doing.
Userlevel 6
Badge +21
Tigertron wrote:

Networking is so very complex that your average user has no idea how to secure a network. Many will blindly open ports because "that's what they were told to do"
If you really need ports open you need to educate yourself as to what you are doing.
Sonos is not to blame here. This is nothing to do with them.
So if you have been hacked the first thing you should do is unplug your router, not the speakers. Your network is open.
I suggest as standard practice you need to do a factory reset on your router that is your firewall...you do have a firewall? Surprising how many don't. Then upgrade to the latest firmware. If your router is 5+ years old it maybe time to invest in a new one.
Also, never ever turn on upnp unless you absolutely know what you are doing.



Hi Tigertron

You are either new to the community or have never had a reason to join in the conversations until now. Whatever the "why" I just want to say "Welcome". Also I'd like to add that in addition to disabling UPnP there's one more that is easily overlooked but used quite often by the novice for connivence_that being Wi-Fi Protected Setup (WPS). I always recommend disabling WPS and encourage users to learn how to connect their devices manually to their network.
Tigertron wrote:

[...] Also, never ever turn on upnp unless you absolutely know what you are doing.


Sonos didn't work properly until I've turned UPnP on. I've never been hacked.

Reply

    • :D
    • :?
    • :cool:
    • :S
    • :(
    • :@
    • :$
    • :8
    • :)
    • :P
    • ;)

    Cookie policy

    We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

    Accept cookies Cookie settings