Speaker password feature needed ASAP!

Sonos could 100% protect their API from both internal and external attacks and not come close to giving you what you wished for in your OP.

Now that is interesting. How do you propose they do that while allowing Airplay access without any authentication (which is what we have now)?

Still ignoring my original request, I see.

Done with you.

Here is one example of the many exploits intruders use gain access to a network. If this researcher hadn't shared his results with Sonos our devices would still be vulnerable to this attack. This article is well worth the time to read:

https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325

"Like Google Home, Sonos WiFi speakers can also be controlled by a remote attacker (CVE-2018–11316). By following the wrong link you could find your pleasant evening jazz play list interrupted by content of a very different sort. That’s fun for simple pranks, but ultimately pretty harmless, right?

After a bit of digging I found a few other interesting links to be followed on the Sonos UPnP web server that might not be so innocent. It appears that several hidden web pages are accessible on the device for debugging purposes. http://192.168.1.76:1400/support/review serves an XML file that appears to contain the output of several Unix commands run on the Sonos device (which itself seems to run a distribution of Linux).

http://192.168.1.76:1400/tools provides a bare bones HTML form that lets you run a few of these Unix commands on the Sonos device yourself! The Sonos HTTP API allows a remote attacker to map internal and external networks using the traceroute command and probe hosts with ICMP requests with ping using simple POST requests. An attacker could use a Sonos device as a pivot point to gather useful network topology and connectivity information to be used in a follow up attack."

That last sentence is very important. By poking devices an attacker is learning what is on the net. The more information gained the greater the chances of finding a weakness that allows more access to the network. This type of attack is stopped in its tracks with authentication.

Once again, that was because some idiots opened up port 1400 for all the world to see. You would have to enter your router setup and free up that port for this to happen. Certainly one so consumed with security would never do something like that? Also, that type of attack has been plugged, with no need for a password on the app (not that a password on the app would do anything to intercept someone bringing up web pages on the Sonos UPnP web server).

Still waiting for one of the "many exploits" . . .

Once again, that was because some idiots opened up port 1400 for all the world to see. You would have to enter your router setup and free up that port for this to happen.

I disagree with your statement that this is about port 1400 being open on the router (it did not have anything to do with router/firewall settings, see this article https://en.wikipedia.org/wiki/DNS_rebinding). The issue is that Sonos assumes that the network will be secure and therefore they have not secured the Sonos API with authentication so the devices are vulnerable to this type of browser based attack). There is no such thing as a secure network if the network is connected to the internet or has wifi as part of the network architecture.

I agree with the sentiments expressed in the original post i.e. having some kind of control to restrict open access to the whole Sonos network when using AirPlay2. I have a separate post on related matter ; I have two apartments located one above the other, which both use the same router / wifi. Set up with separate Bridges hardwired to same router, and creating two Sonosnets, each unique to an apartment. Using Apps to control the speakers in this way maintains the integrity of the separate network, with no-one in one apartment being able to play music in the other. I'm considering making these separate homes "smart homes" for lighting etc using Alexa. Sonos One units would replace Play Ones. Using App controllers would be no different to existing set up. However, I think Airplay 2 functionality would make ALL speakers across BOTH homes be transparent as potential speakers, which could lead to annoying unwanted playback in the wrong apartment.
I have another home elsewhere which I've smartened with Echo Dots linked to Sonos. I think this gives me the choice of searching for Sonos products and then deselecting those not required. Using Echo Dots would I think achieve the "closed" Sonos environments required.
Some switch/ selector/ password to restrict open access to ALL sonos speakers would be greatly appreciated.
I can understand in the majority of cases, Airplay2 will fulfil most users' requirements. However, other like me and the premier poster require something a little bit more bespoke.

I agree with the sentiments expressed in the original post i.e. having some kind of control to restrict open access to the whole Sonos network when using AirPlay2. I have a separate post on related matter ; I have two apartments located one above the other, which both use the same router / wifi. Set up with separate Bridges hardwired to same router, and creating two Sonosnets, each unique to an apartment. Using Apps to control the speakers in this way maintains the integrity of the separate network, with no-one in one apartment being able to play music in the other. I'm considering making these separate homes "smart homes" for lighting etc using Alexa. Sonos One units would replace Play Ones. Using App controllers would be no different to existing set up. However, I think Airplay 2 functionality would make ALL speakers across BOTH homes be transparent as potential speakers, which could lead to annoying unwanted playback in the wrong apartment.
I have another home elsewhere which I've smartened with Echo Dots linked to Sonos. I think this gives me the choice of searching for Sonos products and then deselecting those not required. Using Echo Dots would I think achieve the "closed" Sonos environments required.
Some switch/ selector/ password to restrict open access to ALL sonos speakers would be greatly appreciated.
I can understand in the majority of cases, Airplay2 will fulfil most users' requirements. However, other like me and the premier poster require something a little bit more bespoke.You could try using the AirPlay Password security feature in Apple HomeKit, creating two (or more) separate Homes for each group of speakers and giving each Home entirely different passwords... and registering the appropriate speakers accessories in each home.

Any user will then need know the password to use each group of speakers. Also you (the Home administrator) can also set access security, so that the user has to be a member of the Home too. You can also disable the 'editing' features for the Home, so that any Home that is shared, remains secure.

Thanks - that sounds most helpful. Hadn't thought of control being via Apple but concentrated on Sonos solutions. It's success all depends on whether HomeKit will recognise two created homes to replicate the two segregated "homes" under Sonos, despite being on same WiFi/ Password etc. If the HomeKit works like this, within a physical house by perhaps enabling Upstairs/ Downstairs groups then indeed it should work since in my set up, the only difference between separate zoned access in a single house and my situation is the existence of front doors since one apartment is immediately above the other. Thanks again.

IJN,

Yes you can create multiple 'secure' homes in the HomeKit App... see attached screenshot.

Hope that helps?

That's very helpful.

Thanks for the suggestion. I'll send along a feature request to add password protection to the Sonos system.

This would be a must appreciated feature!
I know the thread is old, but still within the top 5 most commented threads on the community.
Any update on Sonos' thoughts on this?