With all the recent reports and issues with the WannaCry ransomware I wanted to restrict use of SMB v1 on my home network. My NAS blocks this to the outside world but I wanted to secure things internally as well. I can configure the NAS to not support SMB v1 but this then prevents the Sonos controller app from seeing the share. When will Sonos support later versions of SMB? I had seen another thread on this somewhere and it sounded like it wasn't going anywhere. Is it possible to get an update on this please.
Page 1 / 5
Ya with you guys. I shut off SMBv1 on everything internally including my NAS which broke my SONOS music share. I hope it gets resolved soon. I'm not about to enable SMBv1.
Let's recap: 1) there is a known security risk that the original developer alerted the industry to years ago. 2) Users have allegedly asked Sonos about upgrading the SMB stack for several years now 3) Sonos has made no commitment to fix a known security risk for which there multiple known solutions. You might find this behavior acceptable in your relentless defense of the company, I'm simply puzzled by it.
To me, requiring customers to dumb down their server security carries enormous reputation risk if something does go wrong and many customers are affected by an exploit. I recognize that users are responsible for their own server settings and have to live with whatever security decisions they made but it would be great if Sonos made a commitment to be part of the solution rather than a potential enabler for the problems associated with SMB1 security.
To me, requiring customers to dumb down their server security carries enormous reputation risk if something does go wrong and many customers are affected by an exploit. I recognize that users are responsible for their own server settings and have to live with whatever security decisions they made but it would be great if Sonos made a commitment to be part of the solution rather than a potential enabler for the problems associated with SMB1 security.
I got bit by this today, in an effort to improve security on my Synology NAS, I set SMB V2 as the minimum level. Everything was hunky dory except all of a sudden music library on the Sonos doesn't work. Foolish me, thinking my "premium" audio solution would support SMB levels from this millennium!
In 2010 Sonos didn't have any open source competition. Now not only do they have that competition, but it is better suited for my use case. I don't have to send Sonos any data... at all, I know exactly what network traffic it will generate and it uses modern protocols. Sorry Sonos but you have definitely lost a customer on this one. Your attempts to tell me SMB v1 is secure is complete garbage. Don't pee on my back and tell me it's raining.
I would highly recommend that others look into other options beyond Sonos. It is quite apparent that Sonos will not listen to it's user base. This thread is months old, and the other one is even older. You have had your opportunity to fix this and you refused.
I would highly recommend that others look into other options beyond Sonos. It is quite apparent that Sonos will not listen to it's user base. This thread is months old, and the other one is even older. You have had your opportunity to fix this and you refused.
Reality is, as long as you've kept your computers patched, the fix was released two months ago for operating systems still supported by Microsoft. But that still doesn't mean that SMBv1 should be used when there are better, more secure options available in the form of newer versions of SMB.
Keep in mind that US-CERT is recommending not using SMBv1 as part of its SMB Best Practices... so I think it's pretty important to move on to a newer, more secure version.
Keep in mind that US-CERT is recommending not using SMBv1 as part of its SMB Best Practices... so I think it's pretty important to move on to a newer, more secure version.
Here's the link to the previous topic regarding SMBv1. I fully agree that at this point it should be removed, but NAS devices still ship with it enabled, and most don't provide any way to turn it off either. I would imagine if most NAS manufacturers started removing support for SMBv1, you'd probably find Sonos moves pretty quickly to update their devices.
https://en.community.sonos.com/troubleshooting-228999/sonos-smb-implementation-error-900-when-adding-music-library-6765736
https://en.community.sonos.com/troubleshooting-228999/sonos-smb-implementation-error-900-when-adding-music-library-6765736
We're still looking into options for NAS drives but don't have any specific details I can share. The HTTP share is created by the Sonos app, which NAS drives don't and can't run. I'll make sure to let you all know if there's any news regarding NAS sharing away from SMB1 that I can let you in on in the future.
The missing implementation of SMBv2 just gave me some headache when trying to connect my SONOS setup to the new NAS. I pushed this discussion to twitter. Maybe this helps to get a higher priority. Feel free to comment.
https://twitter.com/naml1t/status/935990595369230336
https://twitter.com/naml1t/status/935990595369230336
We're still looking into options for NAS drives but don't have any specific details I can share. The HTTP share is created by the Sonos app, which NAS drives don't and can't run. I'll make sure to let you all know if there's any news regarding NAS sharing away from SMB1 that I can let you in on in the future.
Any news? In times of WannaCry Sonos should be much faster...
I was thinking on buying some more Sonos speaker, but when they are totally unsecure and there is no change in sight, I even think about selling them again. Even if these are good speakers, but not even supporting SMBv2 ist unjustifiable!!! Especially when not only security advisors but even Microsoft explains this in detail!
If the computer doesn't have SMBv1 enabled, then your Sonos devices - which are what actually do the indexing of your music library - won't be able to connect to your computer. That might explain why the controller comes back with "Not responding" when you try to add the folders (maybe the controller is waiting for a response from the Sonos device(s) that they're able to connect and are in the process of indexing the music), but the controller itself is only telling your Sonos devices to connect to your computer, it's not actually doing anything with your music.
BTW, a little motivation for Sonos to finally upgrade... Microsoft will be disabling SMBv1 in the Windows 10 update that will hit this fall, expected around October or November. It should be noted that this will be for NEW installations of Windows 10 (new computers, clean reinstallations, etc.)... upgrade/update installations will continue to have SMBv1 enabled if it had not been disabled by the user.
Maybe a little more motivation... Microsoft is maintaining a list of products that require SMBv1, so they can tell people NOT to buy those products. Yes, Sonos is on that list.
BTW, a little motivation for Sonos to finally upgrade... Microsoft will be disabling SMBv1 in the Windows 10 update that will hit this fall, expected around October or November. It should be noted that this will be for NEW installations of Windows 10 (new computers, clean reinstallations, etc.)... upgrade/update installations will continue to have SMBv1 enabled if it had not been disabled by the user.
Maybe a little more motivation... Microsoft is maintaining a list of products that require SMBv1, so they can tell people NOT to buy those products. Yes, Sonos is on that list.
Sonos,
1) Linux has supported SMBv2 for a number of years now, SMBv3 is also supported
2) As per the above statement, the ability to update the Sonos SMB support should not really be too difficult at all ... the libraries are out there. Update your Linux kernel if necessary and then the SAMBA version
3) The September / October Windows 10 Fall release that disables SMB v1 by default is just around the corner. I sure hope that the solution is NOT to turn it back on and make your customers less secure and reliant on 30+ year old technology
4) Your silence regarding this issue is unacceptable / communication with your customers instills trust ... that is definitely not what you're doing
5) Please respond with a real solution, not a workaround
Thanks,
Robert
1) Linux has supported SMBv2 for a number of years now, SMBv3 is also supported
2) As per the above statement, the ability to update the Sonos SMB support should not really be too difficult at all ... the libraries are out there. Update your Linux kernel if necessary and then the SAMBA version
3) The September / October Windows 10 Fall release that disables SMB v1 by default is just around the corner. I sure hope that the solution is NOT to turn it back on and make your customers less secure and reliant on 30+ year old technology
4) Your silence regarding this issue is unacceptable / communication with your customers instills trust ... that is definitely not what you're doing
5) Please respond with a real solution, not a workaround
Thanks,
Robert
The problem is that as long as companies produce products that rely on old out of date software other companies have to continue to support them to remain relevant in the market, it's a vicious cycle.
Another day (June 27th), another massive attack using the SMBv1 vulnerability. Microsoft reiterated the "Disable SMBv1" for all users, corporate AND home. I bet that an upcoming Patch Tuesday will turn off SMBv1 BY DEFAULT ... which would result in a FLOOD of support issues as every Sonos user with a music library finds that it has stopped working.
Acknowledged: some "legacy" NAS boxes use SMBv1.
Solution: Sonos moves to SMBv3.
Ideal solution: Sonos moves to SMBv3 AND offers a checkbox to revert back to SMBv1 under Advanced Settings.
Staying on SMBv1 puts Sonos users at risk as we cannot follow Microsoft's strong advice to disable SMBv1. Staying on SMBv1 puts SONOS at risk of universal customer backlash should Microsoft disable SMBv1 in a Patch Tuesday.
Acknowledged: some "legacy" NAS boxes use SMBv1.
Solution: Sonos moves to SMBv3.
Ideal solution: Sonos moves to SMBv3 AND offers a checkbox to revert back to SMBv1 under Advanced Settings.
Staying on SMBv1 puts Sonos users at risk as we cannot follow Microsoft's strong advice to disable SMBv1. Staying on SMBv1 puts SONOS at risk of universal customer backlash should Microsoft disable SMBv1 in a Patch Tuesday.
"Oh, no one has fallen victim to this attack vector, so we shouldn't worry about fixing it" ... is that your approach? I sure hope you aren't responsible for securing data anywhere important.
It's a software stack, no hardware needs to change. UNLESS you have an extremely out of date media server. and I am talking pretty close to last century! reality is any media server built since 2003 is capable of at least SMB 2. the difference is that SMB 1 was built when all networks were closed pre-internet networks. SMB 2 was the first file handler for connected networks and predates Sonos as a concept.
The software stacks are even available as libraries so no need to even write them from scratch just integrate the library into the network stack.
I also have a work around that works for me, but I can't sell Sonos to my Nan unless she can get an off the shelf media server that works with it. which at the current time she can't do. but she can use Samsung, or Philips or Apple or....
So the upshot of that is your Sonos kit becomes unusable as the company vanishes, outsold by inferior but more modern technology from the big money companies.
The software stacks are even available as libraries so no need to even write them from scratch just integrate the library into the network stack.
I also have a work around that works for me, but I can't sell Sonos to my Nan unless she can get an off the shelf media server that works with it. which at the current time she can't do. but she can use Samsung, or Philips or Apple or....
So the upshot of that is your Sonos kit becomes unusable as the company vanishes, outsold by inferior but more modern technology from the big money companies.
The 8.6 "solution" is no solution at all. NAS users tend to be the audiophiles who were drawn to Sonos for its audio quality and have ginormous libraries on NAS. And Sonos has ignored us for years. In fact, it seems they are preparing to abandon their most committed customers to compete with Echo, Home and HomePod.
But now that they are public, they will probably be more likely to respond to a social media campaign. As posters here know, they've consistency ignored the feedback from these forums. Join me on Twitter and let's see if they respond any differently: https://twitter.com/yobyot/status/1025790462072967169
But now that they are public, they will probably be more likely to respond to a social media campaign. As posters here know, they've consistency ignored the feedback from these forums. Join me on Twitter and let's see if they respond any differently: https://twitter.com/yobyot/status/1025790462072967169
I'll be happy to pull out my pom-poms and cheerleading uniform when Sonos delivers the goods, not sooner.
And there it is, the personal attack.
For your info, I've been posting for 9 years. That's less than 4 posts a day, the majority of which are helping people. But hey, attacking the messenger instead of the message is always an effective way to argue. :8
The problem is that if they don't solve it, and there is another high publicity hack on SMB 1, or just because why bother to include SMB 1 so Linux and Microsoft stop including it rather than the current default of including it but turning it off. SMB 3.1.1 as I understand it works with SMB 2 and is smaller than SMB 1 (all of the versions from 2.0 onwards use a fraction of the network bandwidth of SMB 1 which is actually a NetBios LAN based system from before the days of WAN)
My set of speakers has largely remained unused for the three years I've had them. Evidently VLANs are another decades old technology that are too challenging for Sonos to figure out. I finally figured out how to overcome that hurdle, but now ridding my network of SMB1 has rendered them useless again. It may be too late already, but Sonos is really alienating a lot of current and potential customers. People like me who have discovered the wonders of sub $50 Chromecast Audio adapters.
I contacted support but they just DON'T CARE! They even said that just using it at home, and now it comes, IS NO RISK AT ALL!
That said I 'm not only angry, I will even tell everyone around me to stop buying sonos!
That said I 'm not only angry, I will even tell everyone around me to stop buying sonos!
Sonos makes zero commitment to 99% of the requests on this forum, then they will show up on a release, sometimes years later. Once again, you have no information on what Sonos is or is not working on, and therefore shouldn't be making definitive statements.
Sonos has made zero commitment in these forums regarding this feature request, one that is allegedly 3 years old.
I have no way of verifying whether it's been three years or not but Microsoft has been pretty vocal about dropping SMB1 and NTLM v1 in particular for several years now. Presumably, the folk at Sonos who do the network stack development are aware said stance and the potential consequences of not offering SMB2 support.
Requiring customers to dumb down the security of their servers to use a product doesn't seem particularly helpful. No server I'm aware of allows customers to selectively enable/disable SMB1 on a per share basis, but I'm happy to be wrong. At least for FreeNAS, it seems to be an all or nothing thing. Forums for Synoloy, QNAP, etc. also document how to revert a server to SMB1 after server software upgrades disable SMB1 support by default.
I'm not advocating for Sonos to abandon SMB1 and only use SMB2+, as that might impact their users negatively. But giving users the option of using SMB2+ would be great. There was a time when feature requests could be reviewed/logged at ask.sonos.com. Any idea what happened to that since you seem to know so much about the company and its policies?
I have no way of verifying whether it's been three years or not but Microsoft has been pretty vocal about dropping SMB1 and NTLM v1 in particular for several years now. Presumably, the folk at Sonos who do the network stack development are aware said stance and the potential consequences of not offering SMB2 support.
Requiring customers to dumb down the security of their servers to use a product doesn't seem particularly helpful. No server I'm aware of allows customers to selectively enable/disable SMB1 on a per share basis, but I'm happy to be wrong. At least for FreeNAS, it seems to be an all or nothing thing. Forums for Synoloy, QNAP, etc. also document how to revert a server to SMB1 after server software upgrades disable SMB1 support by default.
I'm not advocating for Sonos to abandon SMB1 and only use SMB2+, as that might impact their users negatively. But giving users the option of using SMB2+ would be great. There was a time when feature requests could be reviewed/logged at ask.sonos.com. Any idea what happened to that since you seem to know so much about the company and its policies?
I put my insecure stuff on a dedicated LAN segment that is blocked from communicating with the rest of my stuff on other, more trusted segments. It isn't a solution but at least it limits any problems as much as possible.
Just disabled SMB2 in our network and moved the library to a Linux box instead.
A shame that SONOS still doesn't support SMB2. Last time I looked in the calendar it was 2017.
A shame that SONOS still doesn't support SMB2. Last time I looked in the calendar it was 2017.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.