New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users

09-08-2024 | Ravie Lakshmanan | IoT Security / Wireless Security

Cybersecurity researchers have discovered vulnerabilities in Sonos smart speakers that could be exploited by malicious parties to secretly eavesdrop on users.

According to Alex Plaskett and Robert Herrera, security researchers at NCC Group, the vulnerabilities “resulted in a complete breach of Sonos’ secure boot process on a large number of devices and the ability to remotely compromise multiple devices over the air.”

Successful exploitation of any of these flaws could allow a remote attacker to obtain surreptitious audio recordings from Sonos devices via an over-the-air attack. They affect all versions prior to Sonos S2 release 15.9 and Sonos S1 release 11.12, which shipped in October and November 2023.

The findings were presented at Black Hat USA 2024. A description of the two vulnerabilities is as follows:

  • CVE-2023-50809 – A vulnerability in the Sonos One Gen 2 Wi-Fi stack does not properly validate an information element when negotiating a WPA2 four-way handshake, leading to remote code execution
  • CVE-2023-50810 – A vulnerability in the U-Boot component of the Sonos Era-100 firmware that could allow persistent arbitrary code execution with Linux kernel privileges

NCC Group, which reverse-engineered the boot process to remotely execute code on the Sonos Era-100 and Sonos One devices, said that CVE-2023-50809 stems from a memory corruption vulnerability in the wireless driver of the Sonos One, which runs on a third-party chipset manufactured by MediaTek.

“In the wlan driver, there is a possible out-of-bounds write due to improper input validation,” MediaTek said in an advisory for CVE-2024-20018. “This could lead to local escalation of privileges without requiring additional execution privileges. User interaction is not required for exploitation.”

The initial access gained in this manner paves the way for a series of post-exploitation steps: first obtaining a full shell on the device, giving root-level control of the smart speaker, and then deploying a new Rust implant that captures audio from the microphone, and with it anything said in close physical proximity to the speaker.

The other vulnerability, CVE-2023-50810, relates to a set of vulnerabilities identified in the secure boot process that affect Era-100 devices. This effectively allows security measures to be bypassed and unsigned code to be executed in the context of the kernel.

This could then be combined with an N-day privilege escalation flaw to facilitate code execution at the ARM EL3 level and extract hardware-assisted cryptographic secrets.

“Overall, there are two important conclusions to be drawn from this research,” the researchers said. “The first is that OEM components should have the same standard of security as internal components. Vendors should also perform threat modeling of all external attack surfaces of their products and ensure that all external vectors have been adequately validated.”

“In the case of the secure boot vulnerabilities, it is important to validate the boot chain and perform testing to ensure these vulnerabilities are not introduced. Both hardware and software based attack vectors should be considered.”

The revelation follows firmware security firm Binarly’s disclosure that hundreds of UEFI products from nearly a dozen vendors are vulnerable to a critical firmware supply chain vulnerability known as PKfail, which could allow attackers to bypass Secure Boot and install malware.

Specifically, it was found that hundreds of products were using a test platform key generated by American Megatrends International (AMI). This key was likely included in their reference implementation in the hope that it would be replaced by downstream entities in the supply chain with another, securely generated key.

“The issue is caused by the Secure Boot ‘master key’, also known as the Platform Key (PK) in UEFI terminology, which is not trusted because it is generated by Independent BIOS Vendors (IBVs) and shared across vendors,” the company said. Binarly describes PKfail as a cross-silicon issue that affects both x86 and ARM architectures.

“This Platform Key (…) is often not replaced by OEMs or device vendors, resulting in devices shipping with untrusted keys. An attacker with access to the private portion of the PK can easily bypass Secure Boot by manipulating the Key Exchange Key (KEK) database, the Signature Database (db), and the Forbidden Signature Database (dbx).”

PKfail therefore allows attackers who hold the leaked private key to sign malicious code and deliver a UEFI bootkit such as BlackLotus, executing arbitrary code during the boot process even when Secure Boot is enabled.
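A defender-side check of the databases named in the quote above, as an added example that is not Binarly's, Sonos's or NCC Group's code: it parses the EFI_SIGNATURE_LIST structures in which UEFI stores the PK, KEK, db and dbx entries and flags any X.509 certificate whose SHA-256 fingerprint appears on an operator-maintained block list of untrusted keys. The structure layout and the X.509 signature-type GUID come from the UEFI specification; the block list and the sample variable contents are constructed placeholders.

```python
# Added example (not Binarly's, Sonos's or NCC Group's code): walk a UEFI Secure Boot
# variable (PK, KEK, db, dbx) and flag X.509 entries on a block list. Sample data is CONSTRUCTED.
import hashlib
import struct
import uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")  # DER X.509 entry type
SIGLIST_HDR = struct.Struct("<16sIII")  # SignatureType, ListSize, HeaderSize, SignatureSize

def parse_signature_lists(var_data: bytes):
    """Yield (signature_type, owner_guid, signature_bytes); reject bad length fields."""
    off = 0
    while off < len(var_data):
        if len(var_data) - off < SIGLIST_HDR.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        type_raw, list_size, hdr_size, sig_size = SIGLIST_HDR.unpack_from(var_data, off)
        body = list_size - SIGLIST_HDR.size - hdr_size
        if (list_size < SIGLIST_HDR.size or off + list_size > len(var_data)
                or body < 0 or sig_size <= 16 or body % sig_size):
            raise ValueError(f"inconsistent size fields in list at offset {off}")
        sig_type = uuid.UUID(bytes_le=type_raw)
        pos = off + SIGLIST_HDR.size + hdr_size
        for _ in range(body // sig_size):
            owner = uuid.UUID(bytes_le=var_data[pos:pos + 16])
            yield sig_type, owner, var_data[pos + 16:pos + sig_size]
            pos += sig_size
        off += list_size

def find_untrusted_certs(efivar_file: bytes, blocklist: set[str]) -> list[str]:
    """SHA-256 fingerprints of X.509 entries that appear on the block list.
    efivar_file is a raw /sys/firmware/efi/efivars file: 4 attribute bytes + data."""
    hits = []
    for sig_type, _owner, sig in parse_signature_lists(efivar_file[4:]):
        fp = hashlib.sha256(sig).hexdigest()
        if sig_type == EFI_CERT_X509_GUID and fp in blocklist:
            hits.append(fp)
    return hits

def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, sigs: list[bytes]) -> bytes:
    """Serialise one EFI_SIGNATURE_LIST with equal-length entries (test data only)."""
    sig_size = 16 + len(sigs[0])
    hdr = SIGLIST_HDR.pack(sig_type.bytes_le, SIGLIST_HDR.size + sig_size * len(sigs), 0, sig_size)
    return hdr + b"".join(owner.bytes_le + s for s in sigs)

# CONSTRUCTED sample: a PK variable file holding one placeholder "certificate".
FAKE_TEST_CERT = b"CONSTRUCTED PLACEHOLDER, NOT A REAL DER CERTIFICATE"
SAMPLE_PK_FILE = b"\x27\x00\x00\x00" + build_signature_list(
    EFI_CERT_X509_GUID, uuid.UUID(int=0), [FAKE_TEST_CERT])
KNOWN_UNTRUSTED = {hashlib.sha256(FAKE_TEST_CERT).hexdigest()}  # e.g. a leaked test PK
```

On a real system the same function runs over the contents of the `PK-8be4df61-93ca-11d2-aa0d-00e098032b8c` (and KEK, db, dbx) files under `/sys/firmware/efi/efivars`, with the block list populated from the fingerprints your firmware vendor or Binarly publishes.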

“The first firmware vulnerable to PKfail was released in May 2012, while the last one was released in June 2024,” Binarly said. “Overall, this supply chain issue is one of the longest-running of its kind, with a duration of more than 12 years.”