bluesound.py | ||
README.md |
Exploiting Insecure WIFI Speakers
This is very old, from when I was around 18. But it was fun, so I thought I'll describe the process from memory.
I knew someone who had Bluesound WIFI speakers and I got curious about them.
They were controllable by a dedicated smartphone app.
I installed a package capture app on my phone and tried a bunch of things in the Bluesound app. To my amazement, the app was sending pure, unencrypted and unauthenticated http
requests to the speaker for every action I took, like play, pause, change track, etc. I captured enough to reverse engineer the protocol.
What I thought would be fun, was to write a script that scans the whole network for Bluesound speakers, and then plays the nyancat song on all of them (it was still enough of a meme back then).
bluesound.py is that script, I am posting this unedited, just the way I found it on my hard drive. It's fun to see how differently I approached coding back then and how much I've learned since. I'm not even sure the network scanning code works, it looks like it shouldn't :) I probably didn't know about subnets and netmasks.
is this kind of a real vulnerability?
If you search on Shodan for Brand Display Name: Bluesound
(link to search), it shows 137 results. This means you can control other people's speakers with curl
!
so idk
Disclaimer
Please be responsible with this. I am not accountable for misuse of this code or technique, I am just sharing an interesting find. Only try it at your own risk, on devices you own or have the owner's informed consent for.