
Hello community,

While this is not meant as a rant, I need to voice my disappointment.

Sonos has required SMBv1 for a long time now to be able to use shared music “folders” on a local network. Requests to update have been voiced by the community for years now (just search the forum for SMBv1 and error 900).

SMBv1 is considered not secure anymore, and one will hardly find any software that still requires that old protocol version - save Sonos.

I have mitigated the issue for some time now by isolating the network share (and the related data) on dedicated hardware, so as not to expose more important files on a common file server to potential risks.

No longer.

This ends my journey with Sonos - as they left me with the impression that the security of my home environment is of no interest to them.

It’s sad, as I liked their product…

Greetings… and goodbye!

Hi @wor8utzfhsdjk,

Thanks for reaching out to the Sonos community and for letting us know about your concern. Let me help you with this.

Security of your home environment is important. Computer manufacturers advised their customers to disable SMBv1 due to vulnerability and security risks. The SMB protocol is a network file sharing protocol that allows applications on a computer to read and write to files and to request services from server programs in a computer network. You can transfer your music to your PC or Mac to host your files. You only need to enable SMB if you're sharing your files from a NAS drive.

Let me share this community thread that might help you.

https://en.community.sonos.com/music-services-and-sources-228994/synology-smbv1-docker-container-workaround-6849613

Please feel free to reach out if you have further questions or concerns, we’ll be glad to assist you. 


Hello @Rowena B. 

Thanks for your advice.

Unfortunately, your advice highlights the fact that Sonos - as app provider - is not willing to invest in the security of its app solutions. At least not for the “home networking” use cases / community.

Forcing lengthy workarounds on your users (for years) to contain / deal with security risks created by your app’s behaviour or requirements is telling a very clear story here.

I understand if you want to move to “cloud only” scenarios… and thus investing in home networking requirements no longer fits your business bill.

But it would be fair to your customers to clearly say so…

I drew my conclusions based on your (Sonos) business behavior - and I currently see no signs that would prove me wrong.

Anyway - thanks for the kind reply.

Greetings

BJ

 


Are you saying that Sonos uses SMB 1 to allow them to have a back door into your media, which was closed in SMB2 and later?


Are you saying that Sonos uses SMB 1 to allow them to have a back door into your media, which was closed in SMB2 and later?

 

Surely it’s the most intriguing thing to expose your taste in music to the world.


Sonos doesn’t use SMB v1 to access your internal data; that is all picked up using Internet-friendly protocols. You can easily see what is going where with a simple firewall logging rule that lists all connections from your Sonos gear.

There have been so many other topics recently on why SMB v1 that I’ll let you read about that there.
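
The output of a firewall logging rule like the one mentioned in the last reply can be tallied with a short script. This is an added example, not part of any poster's reply; it assumes Linux netfilter LOG-style lines, and the `SONOS-OUT: ` prefix, the speaker address and the subnets are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumptions: speaker address, home address range and log prefix are constructed.
DEVICE = "192.168.1.50"
LOCAL_NET = ipaddress.ip_network("192.168.0.0/16")
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Constructed sample lines in netfilter LOG format (not captured traffic).
SAMPLE_LOG = """\
Jan 10 20:01:02 gw kernel: SONOS-OUT: IN=eth1 OUT=eth2 SRC=192.168.1.50 DST=192.168.2.20 LEN=60 PROTO=TCP SPT=41822 DPT=445 SYN
Jan 10 20:01:05 gw kernel: SONOS-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=50112 DPT=443 SYN
Jan 10 20:01:09 gw kernel: SONOS-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 PROTO=TCP SPT=50114 DPT=443 SYN
Jan 10 20:01:11 gw kernel: SONOS-OUT: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 LEN=76 PROTO=UDP SPT=123 DPT=123
Jan 10 20:01:15 gw kernel: OTHER: IN=eth1 OUT=eth0 SRC=192.168.1.77 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40000 DPT=80 SYN
"""

LINE = re.compile(
    r"SONOS-OUT: .*?SRC=(\S+) DST=(\S+) .*?PROTO=(\S+) .*?DPT=(\d+)"
)


def summarize(log_text, device=DEVICE):
    """Count logged connections from the device, keyed by (scope, dst, proto, dport)."""
    flows = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m.group(1) != device:
            continue  # not our logging rule, or a different source host
        dst, proto, dport = m.group(2), m.group(3), int(m.group(4))
        local = ipaddress.ip_address(dst) in LOCAL_NET
        flows[("local" if local else "internet", dst, proto, dport)] += 1
    return flows


def smb_leaving_lan(flows):
    """Return flows where SMB/NetBIOS ports are contacted outside the home network."""
    return [k for k in flows if k[0] == "internet" and k[3] in SMB_PORTS]


if __name__ == "__main__":
    flows = summarize(SAMPLE_LOG)
    for (scope, dst, proto, dport), n in sorted(flows.items()):
        print(f"{scope:8} {dst:15} {proto}/{dport:<5} x{n}")
    print("SMB outside LAN:", smb_leaving_lan(flows) or "none")
```

Traffic between two hosts on the same switch segment never reaches the router's firewall, so SMB connections to a NAS only appear in such a log when the share sits in a separate, routed subnet.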