how do you enable security?

  • 29 December 2017
  • 15 replies
  • 6734 views

When you are on the same wireless network as my sonos play:1 device, you have all access to the device.

Download the app, add device, and you are in.
You can even DLNA push whatever you want to the device, provided you are on the same network.

Is there a way to add a password or to lock down some services?

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

15 replies

Userlevel 7
Badge +22
Don't give access to those you don't trust to have access to Sonos to your private wi-fi.
Userlevel 7
Badge +21
So many people ask this question... if you don't want people messing with your Sonos devices, don't let them connect to your WiFi. If you still want to allow them access to the internet, look into if your router can set up a second network for guest use, which would be separate from your main network. Many routers have this capability. A separate WiFi network is created with a different range of IP addresses, and the router sets up a firewall between the two networks so people on the Guest network can't access your main network, but can still access the internet.

Some ISP-provided routers/gateways might instead allow access to the ISP's own hotspot service... some of those are even shared among multiple large ISPs, so even if your guest is from another part of the country, they may be able to log into their ISP's account to gain access to the hotspot network of your ISP. And even if logging into their own account isn't possible, most ISPs offer limited time free access to their hotspot (usually an hour or two at a time).

The thing that so many people overlook with giving others access to their WiFi is that those people could also then access your computers, NAS, and other devices on your network too! It's not just about Sonos... you're giving people the keys to your network and any data you might be storing on it if you let them connect!
I was afraid I might get an answer like that :-(

Wifi was not intended for security, so I don't subscribe to the "just keep people out" strategy.
I will set up a local IoT network for those devices, and, if possible, add an SSDP/upnp gateway to I don't have to shift between wifis.

Thanks for the swift replies.
Userlevel 7
Badge +21
If you're going to set up a separate network, why not make that network for your guests, and keep all of your devices on the network they're already on?

If you set up a second "IoT" network and put an SSDP/UPnP gateway between the two, that will still leave your Sonos system accessible to anyone on your main network.
well, in short.. I have children... so limiting who does what will not be shortlisted enough.

I expect to be able to make some basic network level security like limiting which IP/MAC/subnet may access certain devices. That will avoid most accidents (intended or otherwise...)

Also, my setup is fairly elaborate already, so an extra subnet will not add much in terms of complexity.
Userlevel 7
Badge +22
How about tell children not to do it. You don't "Accidentally" download the sonos app.
Userlevel 7
Badge +23
My kids have their own subnet, which not only keeps them away from my Sonos gear, but also forces opendns on them to make it harder for them to get to "bad" sites. Win/win.
@chris: the sonos app is not the main problem - it is more the DLNA part where you just choose which device to push to, and it will override whatever else is running on the device. This includes smart TVs.

@controlav: that is a good idea - this give a guest wifi, parent wifi and children wifi - very doable (and convenient) 🙂
Userlevel 1
Badge
This. I've come to realise that in this regard, Sonos is really backwards thinking. There's not a single thing on a Wifi that's NOT protected by a password these days apart from non-critical things like Printers. The servers, other computers, etc - they all have passwords.

You wouldn't expect to be able to access my Netflix account just becuase you're on my Wifi, surely? Or all the files on my little NAS in the closet? Or my iCloud-picture-stream?

No, this whole "keep them out of the wifi" might have worked 15 years ago but nowadays is completely obsolete.

What Sonos-fans usually say (like in this thread) is:
• Don't let anyone in on your Wifi (which is silly)
• Create a separate Wifi for Sonos (which is equally silly - Sonos can then not access any music library on any servers, nor can I connect to it without switching wifi on my phone).
• Change friends (yes, I've seen that answer several times).

The interesting thing here is: increasing security would not be that hard. Just a PIN-number on the app would suffice. Heck, make it optional - all the old-school Sonos fans can keep their Sonos-system wide open, but for all other new users, office-installations, etc this would solve everything.

Because, let's face it - this request comes up all the time. Seriosly, google "Sonos Security" and you'll find entries decade old posts requesting this. Yes, decades - I just stumbled on one from 2008.

So it's really a question of Sonos not wanting to implementing it. We're talking about a philosophy (which they have so far not managed to explain in any good way) and a group of developers simply not wanting it. And this makes me as a fairly new Sonos-user more than a bit sad.



I was afraid I might get an answer like that :-(

Wifi was not intended for security, so I don't subscribe to the "just keep people out" strategy.
I will set up a local IoT network for those devices, and, if possible, add an SSDP/upnp gateway to I don't have to shift between wifis.

Thanks for the swift replies.
@AndreasHy While I don't have a problem with password protecting Sonos, I don't think you're examples are all that fair. Your Netflix account, your NAS, your iCloud stream...are all accessible outside your wifi. Clearly password protections are needed. Most computers and servers are also available outside of your wifi network and/or mobile and capable of having multiple accounts on them. None of these products and services could possibly be protected by limiting access to your wifi.

And although you may not be interested in the latest tech for home audio, voice control is not password protected either. Ironically, I think voice control could ultimately push for password security on Sonos. It's caused Sonos to have a cloud presense so that Amazon Alexa (and probably others) can access your local Sonos. It's not hard that customers may soon be allowed to access this cloud presence directly....and that must be password protected. If you have to use a password when off your wifi, it should at least be optional to provide a password when on.
Userlevel 1
Badge
@AndreasHy While I don't have a problem with password protecting Sonos, I don't think you're examples are all that fair. Your Netflix account, your NAS, your iCloud stream...are all accessible outside your wifi. Clearly password protections are needed. Most computers and servers are also available outside of your wifi network and/or mobile and capable of having multiple accounts on them. None of these products and services could possibly be protected by limiting access to your wifi.

Servers and other computers on the same wifi, the point still stands. You're right in terms of Netflix, Spotify, iCloud, those were incorrect examples.
My NAS (and I hope, most home-users NAS), and all other computers on home and/or office networks, is not available outside the wifi nor accessible without a password.

The issue so many people through the years have been trying to point out, is that there's a clear need and want for this security feature - and it would not even be that hard to implement.

@AndreasHy And although you may not be interested in the latest tech for home audio, voice control is not password protected either. Ironically, I think voice control could ultimately push for password security on Sonos. It's caused Sonos to have a cloud presense so that Amazon Alexa (and probably others) can access your local Sonos. It's not hard that customers may soon be allowed to access this cloud presence directly....and that must be password protected. If you have to use a password when off your wifi, it should at least be optional to provide a password when on.

This is a really good point, and thank you for making it. It's the most round-about way of geting a feature installed, but if it get's the job done then I'm all for it.



(P.S. I can't seem to find how to edit old posts. The security feature has indeed been requested long, but not a decade.)
I don't currently use a NAS, but I have used NAS and servers in the past located at home accessible from outside my local network.

Like I said before though, I'm not against a password, as long as it's optional/remembered. Since I'm not involved in the software development, I can't say how easy it is to do. My own experience with software development has taught me that what often looks easy from the outside is not always so.

Your cartoon about Alexa isn't exactly accurate. In order to make purchases from Alexa, you first have to enable it through the app. Then, you have the option of specifying a password Alexa will ask you for on all your purchases. So yes, that can happen if someone who has visitors doesn't want to setup a password. Even then, a visitor can't get much use out of items delivered to your house.
Badge
Here's an example: My son wants to bring a Play:1 to college with him. He likes the sound and the system. He will be on the school's network, which is closed, but so highly populated it is effectively open. Having the speaker on that network is an invitation to crazy pranks and sleepless nights. So, it's useless.
Userlevel 7
Badge +23
Sonos has other problems being on a gigantic shared network, like SSDP discovery. The use of a travel network adapter would help both situations.
They need to separate the app into 2 apps. 1 to control music, another to control settings. The logic of telling people not to let other people in their family or guests be able to control something as simple as volume on a multi thousand dollar sound system is a moronic excuse for no security or permission controls in the app. The fact that a billion dollar company is so incompetent they can't get their app controls to display on iOS lock screen is beyond embarrassing - too many clicks to count just to adjust volume controls which have a 1-2 second lag. Have spent about $10k now on our system including install. Hardware is great, but I will NEVER recommend Sonos to anyone until they get their software act together.