Skip to main content

With the introduction of the unwanted play.sonos.com which allows Public-facing access to your Sonos system, an attack vector has been introduced towards IoT Sonos products.

As a minimum, 2 Factor authentication should be introduced to allow users greater security over access to any Sonos websites, but in particular to play.sonos.com.

Another enhancement would be the option to turn off access via play.sonos.com to your Sonos system by implementing a switch in your Sonos profile (not in the app, because I am not upgrading to version 80 just to turn play.sonos.com off!)

Great post, exactly what I think about this useless web app.
I really don’t know why this doesn’t have more likes


There aren’t more likes because people are probably not finding this post, or they don’t understand the implications of the web app or what 2FA would do.

As I investigate blocking web access I’m finding out that I don’t like what Sonos speakers are doing. Mine are def going on my IoT lan soon.


I found out about this through a local Dutch forum (Tweakers.net). 
 

it's really unacceptable that such service is introduced:

  • without clear communication
  • with no opt-out 
  • with no proper protection (no 2fa)

Isn't there a port or IP address i can block on my router?


There aren’t more likes because people are probably not finding this post, or they don’t understand the implications of the web app or what 2FA would do.

As I investigate blocking web access I’m finding out that I don’t like what Sonos speakers are doing. Mine are def going on my IoT lan soon.



I wanted to do this too now but I have not been able to get my firewall rules setup correctly as of yet to also still allow my phone local access when on my primary LAN. I even have an mDNS repeater on my NAS