Answered

SMBv2 support voor Sonos App


Why for the love of god are you still require users to use SMBv1 voor NAS Support?

This is unacceptable from a security standpoint and your responsability as a company towards your end users.

 

Closing topics like below one is not a solution to your flaud implementation for NAS/Samba support.

https://en.community.sonos.com/setting-up-sonos-228990/sonos-support-for-smb-2-0-protocol-6739642/index9.html

 

What is Sonos gonna do to properly support NAS/Samba.

icon

Best answer by Ryan S 3 January 2020, 01:19

View original

This topic has been closed for further comments. You can use the search bar to find a similar topic, or create a new one by clicking Create Topic at the top of the page.

15 replies

Userlevel 7
Badge +22

Probably never.

Too many other topics on subject this already with a wealth of information so I’ll leave it at that.

Userlevel 7
Badge +26

That thread was closed because of how long it went without a reply. We do close down threads that are old so they don’t get revived with unrelated questions. I’ll be sure to let the team know that people are still talking about support for more updated SMB formats, but I don’t have any news to share on the topic.

Weird, such a big company not taking security and functionality serious.

I understand why you close down topics since people wont take this lightly i reckon.

Probably best to do the same for this one, i will be looking to some other company.

Userlevel 7
Badge +22

Packetguy - If you check back in about a year you can check to see if Sonos has closed this topic too.

If it hasn’t had any further replies it should be locked, if someone replies that restarts the timer and you’ll need to wait another year before checking again.

Badge

I'm in disbelief at the lazy and irresponsible attitude from Sonos on this, forcing users to downgrade to an insecure SMB v1 connection just to access their media library.

As a reminder, SMB v1 was responsible for the WannaCry ransomware outbreak which caused havoc over the internet. It's astonishing that Sonos is unwilling to fix a blatant security leak for which a simple and proven update exists. Which is publicly available, so likely very little programming effort is required. This is unbefitting for a company that prides itself on having the best software in the industry.

PLEASE Sonos, show us you about security for your users and the internet, and fix the music library function.

Userlevel 5
Badge +16

Hi @mxr.

We highly appreciate your input and all your feedback for this is essential to make Sonos a more intuitive system.

I can definitely see the importance of this and I'm sure many others would agree, though we do not have any specific details that I can share around, just yet. I’ll make sure that your voice is heard, log this request, and pass it along with the team.

 

Please let us know if you have additional concerns, we’d be glad to send them up for you.

Badge

Dear @Annazel S thank you for your response, much appreciated to hear from Sonos on this.

I would appreciate your follow-up and formal response from Sonos if, how and when the SMB issue will be resolved. Right now users and community members are left guessing, so any answer is helpful (even "no, we won't fix this” will allow users to move on and find alternatives).

There have been multiple threads about this in the community as @Stanley_4 mentioned above. Some hypothesize that older devices may not be able to upgrade beyond SMB v1. I don’t know if this is true, but if hardware constraints are the issue it's okay for Sonos to tell us about this. And if that's the reason, newer devices shouldn't have this bottleneck.

Also for me, I have several Sonos Conect:Amps throughout the house and recently purchased an additional new Amp to use with my TV for a stereo home theatre setup via HDMI ARC. But right now I'm hesitant to upgrade my Conect:Amps and invest even more in the Sonos ecosystem, before I know what support for local media and high-res audio will be in S2.

Userlevel 5
Badge +16

Hi @mxr.

Thanks for your response. 

Our customer's concerns about the vulnerability of SMBv1 has not gone unheard.

Though progress takes time, we will continue to examine and explore our options for NAS file sharing, but we don't have any additional updates at this time. Should this be introduced, we will announce it, but that is all the information we have available until such time.

 

Please let us know if there is anything else we can do for you, we’re always here to help.

Badge

You speak friendly words… but give no meaningful answer whatsoever.

And they won’t, until or even if it gets released. As has been discussed in many, many threads, there is too much variability in software development to make any commitments.

Userlevel 7
Badge +22

I had some hope we’d see it with the change to the V2 system but since it didn’t make the cut for that I’m back to not expecting it to happen.

My recommendation is use a small SMB v1 file sharing device or use a NAS to SMB v1 gateway. The gateway is pretty slick if you already have a NAS and a cheap Raspberry Pi Zero W is plenty of computer.  https://stan-miller.livejournal.com/357.html

I too am having this smb-v2 library addition issue with my newly installed NAS.  I would like to keep using the SONOS apps on all of my devices (several users) but this security issue is deeply concerning.  I will have to look for other controller apps and software moving away from SONOS.  Sad.  I would prefer not to do that. 

Userlevel 7
Badge +22

Silly to go to that when you can add a NAS to SMB v1 gateway for under $40.

Free if you already have a device that can connect to your NAS and support SMB v1.

I read that SMB1 gives Sonos the opportunity to go in through a back door into your  network and snoop around areas they ordinarily would not get access to. The ability to achieve this  was removed  in SMB2 and later versions.

Userlevel 7
Badge +22

Why would Sonos go through the aggravation of using SMB to snoop on your Sonos gear when they have full control of the device and can use a number of far less aggravating protocols?