August 9, 2024 at 05:12AM
NCC Group researchers disclosed vulnerabilities in Sonos smart speakers, including a flaw allowing eavesdropping on users (CVE-2023-50809). Exploiting this through Wi-Fi could allow remote code execution and audio recording. Sonos and MediaTek released patches. Additional flaws in secure boot were discovered. Details are available in NCC Group’s whitepaper and accompanying video.
Key takeaways:
– NCC Group researchers disclosed vulnerabilities in Sonos smart speakers, including a flaw that could have been exploited to eavesdrop on users.
– One of the vulnerabilities, tracked as CVE-2023-50809, allowed remote code execution by an attacker within Wi-Fi range of the targeted Sonos smart speaker.
– The vulnerability affected a wireless driver that failed to properly validate an information element during WPA2 four-way handshake negotiation.
– Sonos informed customers about the vulnerability in an advisory published on August 1, with patches released last year. MediaTek also released fixes for their Wi-Fi SoC in March 2024.
– In addition to the Wi-Fi vulnerability, flaws were discovered in the Sonos Era-100 secure boot implementation, allowing the researchers to achieve persistent code execution with elevated privileges.
– NCC Group has published a whitepaper with technical details and a video demonstrating their eavesdropping exploit in action.
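
What validating an information element involves, as an added example: this is not code from Sonos, MediaTek or NCC Group, and it does not reproduce the affected driver routine. It assumes the standard 802.11 element layout (1-byte ID, 1-byte length, then the body); the names `ie_find`, `ie_copy`, `ie_status` and `sample_ies` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum ie_status { IE_OK = 0, IE_NOT_FOUND = -1, IE_MALFORMED = -2, IE_TOO_BIG = -3 };

/* Constructed sample: a valid element (ID 0x30, 2-byte body), then an element
 * (ID 0xdd) whose length field claims 4 bytes although only 1 byte remains. */
static const uint8_t sample_ies[] = { 0x30, 0x02, 0x01, 0x00, 0xdd, 0x04, 0xaa };

/* Find the first element with want_id. Each element is a 1-byte ID, a 1-byte
 * length, then that many body bytes; header and body are both checked
 * against the bytes that remain in the buffer. */
static enum ie_status ie_find(const uint8_t *buf, size_t len, uint8_t want_id,
                              const uint8_t **body, size_t *body_len)
{
    size_t off = 0;
    while (off < len) {
        uint8_t id;
        size_t ie_len;
        if (len - off < 2) return IE_MALFORMED;       /* truncated header */
        id = buf[off];
        ie_len = buf[off + 1];
        off += 2;
        if (ie_len > len - off) return IE_MALFORMED;  /* body runs past the end */
        if (id == want_id) {
            *body = buf + off;
            *body_len = ie_len;
            return IE_OK;
        }
        off += ie_len;
    }
    return IE_NOT_FOUND;
}

/* Copy an element body into a fixed-size destination, refusing oversize bodies. */
static enum ie_status ie_copy(const uint8_t *buf, size_t len, uint8_t want_id,
                              uint8_t *dst, size_t dst_cap, size_t *copied)
{
    const uint8_t *body = NULL;
    size_t body_len = 0;
    enum ie_status st = ie_find(buf, len, want_id, &body, &body_len);
    if (st != IE_OK) return st;
    if (body_len > dst_cap) return IE_TOO_BIG;        /* would not fit in dst */
    memcpy(dst, body, body_len);
    *copied = body_len;
    return IE_OK;
}
```

Both checks matter: the first keeps the parser inside the received frame, the second keeps the copy inside the destination buffer.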