New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

August 9, 2024 at 10:21AM

Cybersecurity researchers discovered vulnerabilities in Sonos smart speakers that could be exploited by attackers to eavesdrop on users, impacting all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12. These findings were presented at Black Hat USA 2024 and reveal two security defects, CVE-2023-50809 and CVE-2023-50810, compromising the device’s security.

The key takeaways are:

1. Researchers have identified vulnerabilities in Sonos smart speakers that could allow attackers to remotely compromise devices and eavesdrop on users. The flaws impact all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12.

2. The vulnerabilities were presented at Black Hat USA 2024 and are identified as CVE-2023-50809 and CVE-2023-50810, impacting Sonos One Gen 2 and Sonos Era-100 devices.

3. The flaws are a memory corruption vulnerability in the Sonos One’s wireless driver and a chain of vulnerabilities in the secure boot process of Era-100 devices.

4. NCC Group performed reverse engineering on the boot process to achieve remote code execution on Sonos Era-100 and Sonos One devices.

5. Binarly revealed a critical firmware supply chain issue known as PKfail, affecting UEFI products from nearly a dozen vendors, allowing attackers to bypass Secure Boot and install malware. It affects devices using a test Platform Key generated by American Megatrends International (AMI).

6. PKfail permits bad actors to run arbitrary code during the boot process, even with Secure Boot enabled, potentially delivering a UEFI bootkit, such as BlackLotus.

These key points cover the security vulnerabilities in Sonos smart speakers and the broader firmware supply chain issue affecting UEFI products.
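A defender-side check for the PKfail condition in items 5 and 6, as an added example that is not from the article, Binarly or AMI: it parses a UEFI `PK` variable (the `EFI_SIGNATURE_LIST` layout from the UEFI specification) and flags certificates that carry a test-key marker. The marker strings, the efivarfs path and the helper names are assumptions not stated on this page.

```python
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification: the list holds X.509 certificates.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Assumption (not stated on this page): test keys carry one of these subject strings.
TEST_KEY_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")
# Assumption: Linux efivarfs location of the PK variable (EFI global variable GUID).
PK_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"

def parse_signature_lists(data):
    """Yield (type_guid, owner_guid, signature_bytes) from chained EFI_SIGNATURE_LISTs."""
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data) or sig_size < 16:
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            yield sig_type, owner, data[pos + 16:pos + sig_size]
            pos += sig_size
        off = end

def find_test_platform_keys(pk_var, has_attr_prefix=True):
    """Return [(owner_guid, marker)] for X.509 entries that look like test keys."""
    body = pk_var[4:] if has_attr_prefix else pk_var  # efivarfs prepends 4 attribute bytes
    hits = []
    for sig_type, owner, sig in parse_signature_lists(body):
        if sig_type != EFI_CERT_X509_GUID:
            continue
        # Raw byte search: matches ASCII/UTF-8 encoded subject fields in the DER.
        hits += [(str(owner), m.decode()) for m in TEST_KEY_MARKERS if m in sig]
    return hits

def build_sample(cert_bytes):
    """Constructed sample: a PK variable with one X.509 entry (not a real certificate)."""
    sig = uuid.UUID(int=0).bytes_le + cert_bytes
    hdr = EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", 28 + len(sig), 0, len(sig))
    return struct.pack("<I", 0x27) + hdr + sig

if __name__ == "__main__":
    try:
        with open(PK_PATH, "rb") as f:
            found = find_test_platform_keys(f.read())
        print("test Platform Key found:" if found else "no test-key marker in PK", found)
    except OSError as exc:
        print("could not read PK variable:", exc)
```

A clean result only means no marker string was found; it does not prove the enrolled Platform Key is a production key.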
