My Sonos was hacked or hijacked

  • 26 April 2024
  • 4 replies
  • 72 views


My Sonos system was recently hacked or hijacked. One of my “rooms” in my house suddenly started playing head-banging music at highest volume. Appears to have been a song streamed from Spotify. I did not request this music, and did not recognize the song (full of expletives). When I tried to stop the song and turn down the volume, the song would restart and the volume control was sliding back to maximum. Clearly I was not in control of this device and service.

I powered down my entire house AV system (modem, router, Sonos system, etc.). I also did a strong-password update to modem, wireless access points, WiFi, Sonos, and Spotify.

I’ve uploaded support diagnostic information to the community.

Is Sonos aware of these invasive events?


4 replies

If you allow someone on your Wi-Fi and they connect to Sonos via their Spotify app, they can remotely control Sonos under certain conditions.  I suggest setting up a guest Wi-Fi account for visitors.  If it happens again, you can stop it by playing any other source to the room that is hijacked.  This will knock the user off your Sonos. 

This old thread may also throw some more light on things and ways to end old Spotify sessions…

 


I’ve uploaded support diagnostic information to the community.

Is Sonos aware of these invasive events?

Sonos does not normally look at diagnostics until you contact them so they are likely not aware of your issue.

Sonos does look at diagnostics when submitted close enough to the event time (10-15 minutes) and they are contacted and asked to. They can usually identify the source of the request to play the music.

I don’t recall any instance of Sonos being hacked; all I’ve seen have been tracked back to a user with access or the household cat looking for a warm napping spot.

And the community has no access to the diagnostics. This is reserved for Sonos employees, unfortunately. 
