Must have PASSWORD PROTECTION to our business Sonos setup


Userlevel 1
Yes we have guest WiFi, but employees are on internal WiFi to access fileservers and resources. And no one has Admin access to install the Sonos app BUT Spotify has now added a Sonos feature and Spotify can be downloaded WITHOUT admin approval or install password - so the onus is now on Sonos to be able to protect playlists on the company Sonos systems. I would NEVER recommend a Sonos system to a corporate business for this one reason. Clients are here and then someone throws on heavy trap rap and N this and N that or whatever. And now it looks like the IT dept has no control over their employees and/or systems and there's no way to know who made the change for a reprimand - ridiculous. HIGHLY RECOMMEND A PASSWORD ONLY SYSTEM. It's been 4 years now we have been asking for this and nothing. Sonos = No STARS. #FAIL


20 replies

To be fair, I don't think Sonos has ever said it was designed for a business environment. However, I can definitely see where this is an issue.

I could be off on this, but I believe there is a way Sonos can tell you what device gave a command. Next time an employee does this, you can go into the Sonos app and submit a diagnostic. A Sonos rep can then look at the diagnostic log and tell you what happened. It may just be an IP address and device type though, not enough to identify an employee.

You probably can block Spotify from accessing your wifi network as well. At my place of employment, there are several apps that will not work on my phone while it's connected to the company wifi. That may be punishing everyone for the crimes of one, but it will stop the issue and maybe you can remove the block after they get the message.

Another option is to get a 3rd wifi network just for Sonos that only authorized employees have the password to. That may not be feasible depending on the size of your office.
Userlevel 1
Actually that's some good information. I can check the logs in console and it does supply IP, which I can then match with employee systems through DNS/DHCP. I do have a separate subnet I could put the speakers on and that is another great idea, but there are 4 of us who have legitimate Sonos access and we can't be switching subnets just to change a song, that's more admin than I already have.

Back to the password issue, saying it's not set up for business is a wrong statement, since Sonos approached our business to promote their product, and businesses are more likely to cough up the bigger investment for their conf rooms and common areas and LAN availability for hard wiring. Most homes do not have an ether port right where they want it. And with families, I'm sure parents would want to 'lockdown' their Sonos system so the kids don't have access, so password, yes, it's important. Not talking parental controls (explicit music) just access. Right now it's just a free for all and you would think a password would also stop intruders from controlling your speakers from outside your home. It is pretty easy to hack a WiFi system.

So Sonos, when will you set up a password access function? Or at least admin accounts? Maybe tie-in to LDAP or AD? That would be cool.
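The IP-to-device matching discussed in the posts above, as an added example that is not part of the original thread: it looks up which DHCP client held an address at the moment of the event, since the same IP can belong to different devices over a day. The ISC dhcpd.leases format, the addresses, MACs, hostnames and function names are all assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd.leases syntax (times are UTC); not data from the thread.
SAMPLE_LEASES = """
lease 10.0.20.41 {
  starts 2 2018/06/19 08:02:11;
  ends 2 2018/06/19 12:02:11;
  hardware ethernet 3c:22:fb:aa:bb:01;
  client-hostname "LAPTOP-ALICE";
}
lease 10.0.20.41 {
  starts 2 2018/06/19 13:30:00;
  ends 2 2018/06/19 21:30:00;
  hardware ethernet a4:83:e7:cc:dd:02;
  client-hostname "PHONE-BOB";
}
lease 10.0.20.57 {
  starts 2 2018/06/19 09:00:00;
  ends 2 2018/06/19 17:00:00;
  hardware ethernet 00:11:22:33:44:55;
}
"""

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
TIME_FMT = "%Y/%m/%d %H:%M:%S"

def field(body, pattern):
    m = re.search(pattern, body)
    return m.group(1) if m else None

def parse_leases(text):
    """Return one dict per lease block; blocks without both timestamps are skipped."""
    leases = []
    for ip, body in LEASE_RE.findall(text):
        starts = field(body, r"starts\s+\d\s+([\d/]+ [\d:]+);")
        ends = field(body, r"ends\s+\d\s+([\d/]+ [\d:]+);")
        if starts and ends:
            leases.append({
                "ip": ip,
                "starts": datetime.strptime(starts, TIME_FMT),
                "ends": datetime.strptime(ends, TIME_FMT),
                "mac": field(body, r"hardware ethernet\s+([0-9a-fA-F:]+);"),
                "hostname": field(body, r'client-hostname\s+"([^"]*)";'),
            })
    return leases

def holder_at(leases, ip, when):
    """Leases covering `when` for `ip`; an empty list means no DHCP client held it then."""
    return [l for l in leases if l["ip"] == ip and l["starts"] <= when < l["ends"]]
```

An empty result means the address was statically configured or falls outside the retained lease history, so the IP alone cannot be attributed to a device for that time.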
Userlevel 7
Badge +20
Hi kastner1234,

At this time there isn't a password feature built-in to the Sonos app. It's an interesting idea though, and I'll send along a feature request to the development team.

Right now the best way to limit access to the Sonos system is to do so through access to the wireless network.
Userlevel 1
Cool! So it looks like I would need to VLAN the WiFi system and only grant access to admin users for now. Again, that's just more to admin but is a workaround. Sometimes employees stay all night and we allow them the right to use the Sonos, but they also need to be on the main WiFi to access fileservers - a password is a solid solution since it could be changed periodically. Look forward to it 🙂
Userlevel 7
Badge +23
You could probably disable Spotify entirely by switching your Sonos account to a country that doesn't support Spotify.
"At this time there isn't a password feature built-in to the Sonos app. It's an interesting idea though, and I'll send along a feature request to the development team."

Why be so disingenuous? Like this is a new idea that hasn't occurred to Sonos so far? We all know this has been asked for on numerous threads over many years, so why pretend otherwise?
Userlevel 1
John B. you are spot on. Why don't they just say "No. We don't have that nor are we planning to implement that." This idea has floated around since the beginning with Sonos, and with the IOT these days, devices being hacked, taken over, why is Sonos any different? It's a wired/WiFi IOT device and is not secure. A simple passphrase to access the controller should be a requirement, not a feature. Let's see if this GDPR thing in Europe hits Sonos and they start securing their devices.
Userlevel 7
Badge +23
GDPR has nothing at all to do with data or security on your local network. That is yours to manage.
Userlevel 1
I know what GDPR is and what it entails since I work for a global company, I was referring to data security breach and if Sonos is an IOT device (which it is) and can get hacked (re-programmed, malware, bot) and it has access to my company network and Wireshark or Alienvault tags this IOT device as a hub for transferring network info (which includes assets, employee information, etc.) - then Sonos is responsible for not locking down their IOT device. It's a far reach and way off base from my initial question, but Controlav, thank you for your omniscience, but you failed at what my point is and that we are talking a global business - so yes, GDPR does have to do with security of employee and client information in the U.S.

So controlav, how have you helped this conversation except trolling the community with your useless reply?

And your reply saying I could change Spotify to a country that doesn't support Spotify? I'm supposed to admin my corporation and disable Spotify (we work with Spotify) just to use an app? Stop trolling dude and help with the conversation. Sonos needs a secure system, period.
Userlevel 7
Badge +23
Thanks for the rant, but my advice was to change the country of your *Sonos* account to a non-Spotify supporting country. This would solve your problem. Right now. Instead of waiting for Sonos to add some security feature, that seems very unlikely based on history. In homes, which is where most systems are installed, it does not need a "secure system". Look at the setup issues some folks have on these forums today, imagine how bad it would be if every device required a PIN.
Userlevel 1
Controlav, sorry for the rant, took out my frustration with Sonos on you and I do appreciate your help. And the reason for malware so prevalent today is because nothing is secured. Every device should have a PIN at least, or two-step verify. We live in a time that all my websites, networks, routers, switches are constantly being monitored for the thousands of threats a day I get from all over the world. And there are security issues with Sonos: http://www.eweek.com/security/security-flaws-found-in-sonos-internet-connected-speakers
I took a look at the article you posted. Sonos fixed the issue already without adding authentication. The article does recommend adding authentication to Sonos, but it is referring to administration and monitoring functions, not access to the system as a whole system. Besides, your initial complaint had nothing to do with security from hacking, but from keeping your own employees from using the system against management's request that they do not.

BTW, I would think your problem may become a little worse once AirPlay 2 is implemented. As I understand it, anyone with an Apple phone will be able to stream audio from any source on their phone to Sonos speakers. That may be easier to monitor and/or control though as it is a stream from a local source on the network vs something coming from outside the network.
Userlevel 1
Yes, Airplay 2 will make everything null and void and Spotify already has Sonos play built into it, so everyone has access to the speakers at any time with their phones. This is why a simple PIN code, JUST LIKE AIRPLAY from Apple. We use them in our Conf rooms, and if we couldn't add a PIN code to use it, it would be quite embarrassing during a client meeting. Same should apply to Sonos. Even though they 'patched' it means nothing in the future for zero day exploits or any other exploits.

While my original question was basically answered 'it ain't gonna happen' - I started to think of all the other security issues with connected devices, especially since I'm in charge of keeping a company running including IOT security. Or if I could at least find out who's connecting. Anyway, I need full control over the things I purchase and install in my Enterprise environment, that's it.
Userlevel 1
Yes SONOS (and everyone posting here), you are vulnerable to DNS rebinding attacks. https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/
To quote from the article: "Google, Roku, and Sonos have all patched or are in the process of patching their device operating systems to plug the vulnerabilities Dorsey described."
Userlevel 2
Badge +3
I agree completely with the need for passwords. I'll put up a post detailing my problems in another thread.
Here to add to the huge list of people that want a password feature. It's absolutely ridiculous no such feature exists. I bet Sonos is storing our passwords in plain text on their systems too. I really worry about you guys!

Same issues as everyone else. Sonos is used in a business environment. Employees download the phone app and change the music when management is away. Hiring people is expensive and lecturing the staff across all our locations is a waste of resources. Sonos is obviously not designed to be used in a business environment.
Userlevel 3
Badge
What I see here is a customer requesting a simple thing, that is a single password option that might be helpful to many people.

And on the other side, there are people saying that there is no need and it is a particular request!

Come on guys! What is the matter to have this simple feature implemented??

Even if you don't believe that people would use it, don't say that no one would appreciate it!

I don't need specifically this feature 99% of my time, but during parties at home, I would love it! Friends tend to bypass others in the set list and having the ability to avoid and control access, it would be very helpful!

Despite that, I don't see any harm to have the feature implemented as I don't see any problem to have now the ability to turn off wifi in my players.

Sonos, how difficult is it to implement such a feature??
Userlevel 7
Badge +23
I find it ironic that there are many threads demanding password protection, and yet also many threads complaining about the requirement to register an account with Sonos. The pending security work will use that same account login to secure the communications to your devices. You cannot please all the people, all the time, clearly.

To use a Sonos system at a business location just put it all on a VLAN, and then only allow a limited few access to that VLAN. Problem solved.
Userlevel 7
Badge +21
There are just as many people here that want MORE security as there are that want LESS. Passwords are a pain. We all have more than enough of them. Even if Sonos were to just reuse the Sonos account password, it's still an annoyance to many to have to type it in to access things. Even more so on the small screen of a phone.

And even if they add more security, they'll never secure EVERYTHING that everyone wants... then the complaint "Why didn't you add a password to [feature or function] too???!??!?". Like controlav said... you can't please all the people all the time. Maybe they just need to add a gazillion settings for "Security"... and just let everyone select how little or how much they want. THAT would be a great look for the app, don't ya think? A big list of items that you could turn password security on or off for.

"It's just a simple thing!"... no, it's not.