Sonos support for SMB 2.0 protocol

  • 18 September 2016
  • 274 replies
  • 43897 views



Userlevel 7
Badge +26
Chiming in here - it is becoming harder to justify keeping my Sonos running using SMBv1 - it means I've had to re-enable it on my NAS - which recently updated itself to default to not supporting the deprecated protocol...

We're looking into this situation closely right now. If you don't mind, what brand NAS drive is that? Is it a Synology NAS?
Userlevel 4
Badge
Hi Ryan. I'm one of the Samba authors and a *BIG* SONOS fan/user. If you need any help in moving the SONOS Linux client code to SMB2/3 please feel free to reach out for help. I can be contacted on jra@samba.org

Thanks,

Jeremy Allison.
Userlevel 7
Badge +26
Thanks for the offer, Jeremy. I'll send your details on over to our team in case they need it.
Userlevel 1
Chiming in here - it is becoming harder to justify keeping my Sonos running using SMBv1 - it means I've had to re-enable it on my NAS - which recently updated itself to default to not supporting the deprecated protocol...

We're looking into this situation closely right now. If you don't mind, what brand NAS drive is that? Is it a Synology NAS?


It's FreeNAS (currently running FreeNAS 9.10.2-U5). From the FreeNAS forums, I am by no means the only one who noticed their Sonos shares stop working when FreeNAS supported Samba 4.5(+), which defaults to no support for NTLMv1.

It would be nice for Sonos to play catch up here.
Userlevel 7
Badge +21
Another "Patch Tuesday", another Windows SMBv1 vulnerability fixed... Microsoft even issued patches for XP and Server 2003, two unsupported OSes, because of their continued use by people not wanting to upgrade.
This appears to be the same problem I have been having since an upgrade/update about 9 months ago. I was using an SMB share, originally on a Fedora 24 server, now a Fedora 25 server; the Sonos controller kept throwing an error when trying to connect to the server.
All PCs and laptops, running either Windows or Linux, and Android devices can connect to the server. However, the Sonos controller refused to connect to the SMB share. I was informed to remove ALL security, by allowing the whole world access to the share and no password; it still failed to connect.
After many emails I was told they ("Sonos") do not support Linux, hmmm! And that they only support NAS devices, hmmmm! All NAS devices I have looked at use Linux.
So after wasting money buying Sonos speakers that have a decent simple controller for other users in my household, I am in the process of sourcing other speakers for the purpose needed, and at the moment it appears I may eventually have to write a controller of my own and botch together speakers with Arm-based Linux devices.
Userlevel 7
Badge +21
I posted these in another thread on this same topic, but wanted to share here (to reciprocate one of the links in one of the pages I'm linking to)...

Hopefully we now have a little motivation for Sonos to finally upgrade... Microsoft will be disabling SMBv1 in the Windows 10 update that will hit this fall, expected around October or November. It should be noted that this will be for NEW installations of Windows 10 (new computers, clean reinstallations, etc.)... upgrade/update installations will continue to have SMBv1 enabled if it had not been disabled by the user.

Maybe a little more motivation... Microsoft is maintaining a list of products that require SMBv1, so they can tell people NOT to buy those products. Yes, Sonos is on that list (and they link to this topic for their reference).
Thanks, Mike V. I saw somewhere in one of these threads a rep from Sonos saying that they were monitoring and thinking deeply about this. I would hope that such a statement means that the priority of the upgrade has changed on their backlog, and we may see it sooner than later. One then has to wonder which version they would be upgrading to.

Added: And if I'd scrolled up a bit, I'd have seen it was the inimitable Ryan S in this very thread!
Userlevel 6
Badge +5
Given that one of the Samba developers is kind enough to offer help, I hope this is addressed sooner rather than later.

The efforts that go into interpreting the intentions of Sonos remind me of the efforts the markets make to interpret the words of the Federal Reserve...

But I am not complaining, at least there is a Sonos presence.
Sure. Which beta version do you want to add it into immediately? Do you want it released without any testing?

It wouldn't surprise me if it does roll out in one of their updates coming up. But I'm not expecting an individual update just for that, if they're going to do it, I would expect it to be rolled out with a bunch of other things, and fully tested. It's why they have a beta program, after all.
And if you need to see a list from Microsoft TechNet warning about systems that only support SMB1, then look here.

- https://blogs.technet.microsoft.com/filecab/2017/06/01/smb1-product-clearinghouse/

I'm looking forward to the date when Sonos is no longer on this list!
Userlevel 4
I got an email from Sonos today telling me version 7.3 is now available, so I updated the controller and tried it after disabling SMBv1 on my Windows 10 machine. Nothing has changed, still broken. I had to re-enable SMBv1. Just want everyone to know in case anyone wants to try it out.
I would assume at the point that they make such a change (if they do, I guess), it would be significant enough to mention in the update notes, and certainly be announced here on the boards.
Userlevel 2
Badge
Please fix this.

-Andy
Userlevel 1
Another massive SMB-based cyber attack in Ukraine today. The airport, the national bank, and the largest power station are all affected, amongst other installations. Dithering on basic issues of cybersecurity does not make you look good. One could even consider that it could be understood that you're enticing your customers to switch on SMB v1, to use this feature - and inadvertently they put themselves at risk.
Userlevel 2
Badge
Sonos, just in case you aren't up to date on security news... http://thehackernews.com/2017/05/samba-rce-exploit.html.
Userlevel 4
Another ransomware outbreak, spreading using the same SMB v1 vulnerability just like WannaCry: https://blog.varonis.com/petya-ransomware-outbreak-what-you-need-to-know/. I really need to disable SMB v1! When am I able to do it, Sonos??
Userlevel 7
Badge +21
Another ransomware outbreak, spreading using the same SMB v1 vulnerability just like WannaCry: https://blog.varonis.com/petya-ransomware-outbreak-what-you-need-to-know/. I really need to disable SMB v1! When am I able to do it, Sonos??

Right now. Sonos aren't stopping you. How is your NAS susceptible to these sorts of attacks? Do you connect external USB sticks to it? Connect it to the internet? Run a very old version of Windows without updating?
Userlevel 4
Another ransomware outbreak, spreading using the same SMB v1 vulnerability just like WannaCry: https://blog.varonis.com/petya-ransomware-outbreak-what-you-need-to-know/. I really need to disable SMB v1! When am I able to do it, Sonos??

Right now. Sonos aren't stopping you. How is your NAS susceptible to these sorts of attacks? Do you connect external USB sticks to it? Connect it to the internet? Run a very old version of Windows without updating?

You just don't get it, do you? With more and more attacks targeting SMB v1 vulnerabilities, I hate to be so reactive that I always find out after the outbreak and have to make sure everything is patched. On the other hand, the more proactive / appropriate approach is to disable this protocol. Why is Sonos stopping me? Because it breaks the Sonos controller when I do so and EVERYTHING ELSE keeps working! Furthermore, MSFT has announced SMB v1 will be removed in the next release of Windows 10 (fall update). I will be updating my Windows 10 machines to the latest build as soon as it's released; therefore, this will become a real issue for me. By the way, I don't use USB sticks nowadays, and I do update my entire home network every month - thanks for asking. I feel like you are annoyed by my comment. As I started this thread, and I am a Sonos customer, I think I have every right to express my concern and I believe it is genuine.
Userlevel 7
Badge +21
Hey, no worries OP. You're perfectly entitled to your views and do please keep expressing them.

I was simply pointing out that the recent ransomware attacks not ONLY exploited the SMB2.0 issue but also those who had not kept their systems up to date. Whilst it certainly is disappointing that Sonos haven't updated their system we don't know why - It may be that it is not technically straightforward as hoped or that they simply do not see any security problems. Furthermore I was pointing out that it is YOUR choice to use a NAS. Granted you would lose the ability to play your songs if you switched it off but it hardly "breaks the controller".

My opinion is simply that you're making a mountain out of a mole-hill - There's no irritation on my part. I simply have a different opinion!
Userlevel 1
Stuart_W - I'm not sure what your contribution is here. Are you here to police what people say about quality of support? Network security is a serious issue that any professional organisation releasing networked products needs to be vigilant about.

The issue in question is that stuff gets inside the firewall, through email attachments and other risk vectors. Stuff happens. Are you saying running SMB v1 is acceptable on certain networks? It certainly is not.
Userlevel 7
Badge +21
Stuart_W - I'm not sure what your contribution is here. Are you here to police what people say about quality of support? Network security is a serious issue that any professional organisation releasing networked products needs to be vigilant about.

The issue in question is that stuff gets inside the firewall, through email attachments and other risk vectors. Stuff happens. Are you saying running SMB v1 is acceptable on certain networks? It certainly is not.


My contribution? It's just my opinion that's all. No more and no less. Just because I don't have a concern about this particular network issue doesn't mean I can't express it and nor does it mean it isn't a problem? We seem to live in times where people get upset at the slightest contrary view, that that person must have a hidden agenda or be annoyed or should just go away because they don't tune in with their echo chamber.

Here's the thing. I'm not a network engineer, nor an IT engineer though I have been programming computers in excess of 40 years. So I put my trust in the software experts at Sonos. I'm sorry if you feel I shouldn't express that position. I would point out that my opinion is no more valid than anybody else's and nor have I attempted to suggest it is.
Userlevel 2
Badge
I'm a security engineer. I'm very concerned about having to leave deprecated legacy protocols enabled for a major function of reasonably expensive hardware I bought. Sonos came in with a great reputation, but now I'm second guessing my decision there.

I'll probably shut off SMBv1 anyway even though it will cripple that major functionality, but it's a black eye on Sonos.

-Andy
Userlevel 7
Badge +21
The vulnerability in SMBv1 that both WannaCry and Petya take advantage of has already been patched by Microsoft, even for Windows XP, which Microsoft hasn't supported for a couple of years. If you keep your computer up to date with security updates, you should be fine, at least until a new exploit is discovered.

It should also be noted that the SMBv1 vulnerability being exploited applies only to Windows, and nothing else. So a NAS (since most NAS devices run some kind of Linux) that supports SMBv1 should be fine for storing your music on your network if you want to turn off SMBv1 on your Windows computers. Most NAS devices support most, if not all, versions of SMB/CIFS.

I don't expect Sonos to have this fixed in weeks. I don't even expect it to be in the next software update they release. Maybe two or three from now... but hopefully, in order to prevent a support nightmare for themselves, they'll have it done before Microsoft releases the next major update to Windows 10 this fall. Any new computers or clean Windows 10 installations after that update will have SMBv1 disabled.
Userlevel 2
Badge
It should also be noted that the SMBv1 vulnerability being exploited applies only to Windows, and nothing else. So a NAS (since most NAS devices run some kind of Linux) that supports SMBv1 should be fine for storing your music on your network if you want to turn off SMBv1 on your Windows computers. Most NAS devices support most, if not all, versions of SMB/CIFS.


This is incorrect. Please Google SambaCry.
https://fossbytes.com/sambacry-malware-linux/