The vulnerabilities led to a complete break of Sonos's secure boot process across a wide range of devices and made it possible to remotely compromise several devices over the air.
Successful exploitation of one of these flaws could allow a remote attacker to covertly capture audio from Sonos devices by means of an over-the-air attack.
CVE-2023-50809 involves a vulnerability in the Sonos One Gen 2 Wi-Fi stack leading to remote code execution, while CVE-2023-50810 allows persistent arbitrary code execution in the Sonos Era-100 firmware with kernel privileges.
The initial access obtained in this manner paves the way for a series of post-exploitation steps that include obtaining a full shell on the device to gain complete control over the smart speaker.
#sonos-smart-speakers #cybersecurity-vulnerabilities #remote-code-execution #covert-audio-capture #black-hat-usa-2024