Critical flaws revealed in Sonos One speakers

The Zero Day Initiative (ZDI) revealed a number of security issues surrounding Sonos One wireless speakers in its latest report last week. These flaws could be exploited to achieve disclosure of sensitive information and remote code execution.

Details of the vulnerabilities discovered in the Pwn2Own hacking contest

The discovery of the vulnerabilities was demonstrated by three different cybersecurity teams - Qrious Secure, STAR Labs, and DEVCORE - during the Pwn2Own hacking contest held in Toronto late last year. These teams were awarded a total compensation of $105,000 for discovering and exposing four different flaws, involving Sonos One Speaker model 70.3-35220. The security flaws, designated CVE-2023-27352 and CVE-2023-27355, have CVSS scores of 8.8 and allow attackers to execute arbitrary code on compromised installations without authentication. The other two vulnerabilities, identified as CVE-2023-27353 and CVE-2023-27354, with a CVSS score of 6.5, always allow attackers to access sensitive information without the need for authentication.

Implications of security flaws in Sonos One

Specifically, the CVE-2023-27352 issue occurs while processing SMB directory query commands, while the CVE-2023-27355 resides within the MPEG-TS parser. If successfully exploited, both flaws would allow an attacker to execute arbitrary code in the context of the root user. Information disclosure flaws can be used in conjunction with other flaws in the system to achieve elevated code execution.

Measures taken by Sonos to address security issues

Sonos promptly responded to the disclosures, correcting the reported defects. Following the responsible disclosure of the vulnerabilities on December 29, 2022, Sonos has addressed vulnerabilities in Sonos S2 and S1 software versions 15.1 and 11.7.1, respectively. The company recommends that users install the latest updates to mitigate the potential risks arising from these vulnerabilities.