Answered

Is Sonos vulnerable to the KRACK-attack?

  • 16 October 2017
  • 17 replies
  • 3287 views

Hello,

since sonos devices use wifi, is the sonos software vulnerable to the following WPA2 attack?

https://www.krackattacks.com/

If so, will there be an update?

See also:

https://papers.mathyvanhoef.com/ccs2017.pdf
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
icon

Best answer by Ryan S 13 December 2017, 01:03

Sonos version 8.2.2 is available today for download and contains the fixes for our previously identified KRACK WPA2 vulnerabilities. Go ahead and check for updates and make sure your Sonos players and controllers all update to this version.

You'll want to make sure all of your other wireless devices have received similar fixes from their manufacturers, if they were found to be vulnerable: such as routers, computers, and mobile devices.
View original

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

17 replies

Not any more than your phone, computer, or any other device that connects to your router. It's a router issue, not a device connected issue. I wouldn't think that you'd get any update from anyone other than your router companies.
No, this is mainly a client issue. Please read the articles about it.
As I understand it the attacker would redirect the Sonos appliance to route its traffic through the attackers machine - this puts them in the position to intercept traffic from the Sonos appliance and to listen to the exchange between the appliance and any web-based services that the appliance might connect to.

If the Sonos appliance doesn't apply appropriate caution when connecting to the web services that opens up the possibility of session hijacking and, potentially, forcing the appliance to 'update' using compromised firmware.

That is supposition of course. I haven't actually examined any network dumps between the Sonos appliance and the online services it uses.

The point remains that Sonos appliances could well be susceptible to compromise as a result of the WPA2 KRACK vulnerability.
+1 interested in response
Userlevel 7
Badge +26
Hi everyone,

We're aware of the issues with WPA2 and our team is working to determine any ramifications this may have for Sonos players.

We appreciate your concern and thanks for reaching out.
I'm very interested in this as well. I'm going to be wiring all of my network devices until I learn which of the devices I own are going to be updated to fix this major vulnerability
I'm very interested in this as well. I'm going to be wiring all of my network devices until I learn which of the devices I own are going to be updated to fix this major vulnerability
A good idea, but more so to protect other assets than Sonos if you are concerned. I can't see any gain/incentive to someone that does this in a way that affects just your Sonos kit.
There are two types of attacker that I’d be worried about.

The first is the one that thinks it is funny to Rickroll you at 4am in the morning via your Sonos speakers.

The second is the one that uses a compromised appliance to pivot inside your network. Once they have a foothold inside the network they can subvert traffic from other devices too - including those that are not wireless (depending on the network setup).

There are already documented instances of internet connected smart devices becoming slaves in a botnet. Sure, no-one was worried about IoT lightbulbs being insecure - right up until it is discovered that they are participating in a DDoS attack for criminal organisations...

Perhaps you are reassured that local proximity is needed to compromise the wireless session? Except is that true? Once I have a compromised network in a residential zone they can use that to attack their neighbours. They could hop from one house to the next compromising networks from the inside. You might argue that seems a lot of work for little gain. Once the tools to do this are automated though it becomes trivial to set and forget attacks like this and simply have it harvest credentials and session tokens.

And what of workplaces? I was at the offices of a client a couple of weeks ago and noticed that they had a Sonos setup I. The hot desk area that would allow the drop-in staff to listen to music. If I were an attacker I could use this as an ingress point into the corporate network. Admittedly a corporate network should not have such a device connected without restricting its network access - but ask yourself how likely is it that a company knew enough, or cared enough, to properly segment the network for guests and devices such as this. Just consider the news stories about how a desktop user was the gateway to compromise industrial control systems. Those people should know better - but even they take shortcuts or misconfigure mitigations.

Point is: I’d rather my Sonos appliance not be ground zero for me or my neighbours being hacked. I’d also like to know that my personal information isn’t compromised because a company that holds that data has allowed someone to use a Sonos setup at their place of work from where the attacker was able to pivot into the network and exfiltrate said info.
Okay I might have gotten a little carried away there... I am just worried that security for IoT type devices seems to be a total afterthought. Closing the gate is no good once the horse has bolted.

That being said - I do think that this could be an attack vector into business networks that operate poor network hygiene. Businesses tend to make for more attractive targets of attacks. I’ve worked on technology and business parks where it would be trivially easy to get within range of the target network for an attack such as this. I also know that more than one company based in such premises that use Sonos equipment.
Userlevel 7
Badge +21
Sonos typically sets a very high bar on security, so I'm sure if they're affected by this (and it's very likely they are), they'll have a fix for it as soon as possible. And given their track record of providing updates for even their oldest devices still, they'll do a lot better than others might in terms of fixing the issue for their products.
Hi everyone,

We're aware of the issues with WPA2 and our team is working to determine any ramifications this may have for Sonos players.

We appreciate your concern and thanks for reaching out.


Will you contact the CERT Org to get the CVE note updated once becomes clear whether or not (certain) Sonos devices are vulnerable. -> http://www.kb.cert.org/vuls/id/228519
Definitley a client issue, looking forward to what you folks figure out.
Hi, any news about this ?
tks
Userlevel 7
Badge +26
We have determined certain modes of operation are affected by issues described in the KRACK WPA2 vulnerability announcement (see https://www.krackattacks.com/ if you're not familiar already). The impact is primarily on Sonos systems configured to connect to your WiFi network directly.

We're working on a firmware update to address these vulnerabilities which will be available as soon as testing is complete.
When can we expect the new firmware to be available?
Since it's been over 1 month since Sonos last reply, what is the status of a firmware update to fix this vulnerability that we are fairly certain that Sonos has....since our players are wireless, support WPA2 and are clients?
Userlevel 7
Badge +26
Sonos version 8.2.2 is available today for download and contains the fixes for our previously identified KRACK WPA2 vulnerabilities. Go ahead and check for updates and make sure your Sonos players and controllers all update to this version.

You'll want to make sure all of your other wireless devices have received similar fixes from their manufacturers, if they were found to be vulnerable: such as routers, computers, and mobile devices.