Listen Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap
Over the last year NCC Group found and exploited many different vulnerabilities within Sonos devices. This led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being able to compromise several devices over the air. We leveraged these vulnerabilities to perform hidden recordings of the microphone to demonstrate how a remote attacker could be able to obtain covert audio capture from Sonos devices. In this talk, we will start off with an introduction to Sonos devices, and describe the device architecture and security controls implemented (such as secure boot and disk encryption). Then we will move into a deep dive on the Wi-Fi driver architecture and attack surface on the Sonos One. The talk will then describe a vulnerability we identified in the WPA2 Handshake which can allow a remote attacker to compromise the kernel over the air. The talk will then move to the exploitation of this issue and discuss the novel challenges of developing a remote kernel exploit. To wrap up this section, we will then perform a demo of the attack where we will turn the device into a wiretap capturing all the audio within the physical proximity of the compromised device. Finally, we will discuss vulnerabilities and exploitation techniques that allowed us to develop the world's first "jailbreak" of Sonos's flagship device - the Era-100 by breaking the secure boot chain. This affected 23 Sonos products and allowed the extraction of cryptographic material. By: Alex Plaskett | Security Researcher, NCC Group Robert Herrera | Senior Security Consultant, NCC Group Full Abstract and Presentation Materials Available: https://www.blackhat.com/us-24/briefi...

Complete Backend Course | Build and Deploy Your First Production-Ready API

ASMR Best Triggers For Sleep Collection (No Talking) 3 Hours of Tapping & Scratching

Something is jamming GPS over Europe. Here's what we found
![PINK & ORANGE GRADIENT IN HD [3 HOURS]](https://i.ytimg.com/vi/6ih8zppfQSQ/hqdefault.jpg?sqp=-oaymwE9CNACELwBSFryq4qpAy8IARUAAAAAGAElAADIQj0AgKJDeAHwAQH4Af4JgALQBYoCDAgAEAEYfyAsKBMwDw==&rs=AOn4CLDvw6mQM98bfl572zfE7r4GdUG8dg)
PINK & ORANGE GRADIENT IN HD [3 HOURS]

Billionaire's WARNING: I'm SELLING. The Crash Is Already Here!

Total Idiots at Work Caught on Camera | Best of 2024

263 DIOS TE DICE HOY: ESA ANGUSTIA QUE TE ROBA LA PAZ SERÁ CAMBIADA POR DESCANSO

Instant Focus Mode – 40Hz Gamma Brainwave Music for Deep Focus & Productivity

Complete Step-by-Step Guide for Installing Oracle 19c RAC on Linux

PROOF Jim Carry is the KING of Comedy!

How to Actually Build Mobile Apps with AI in 2026 | A Complete Beginner's Tutorial

Aesthetic Aura Background 3 hours

Santo Rosário | Sexta-feira | 04:00 | 26/06/2026 | Live Ao vivo

Only Pakistani Mechanics Can Repair This Giant Caterpillar Loader Tire

No Celebrity Has ZERO Filter Like Harrison Ford _ and It’s HILARIOUS!

Gemini CLI Essentials – Full Course

Alienware m17 R5 With CPU Failure And XPS 9530 With Power Rail Failure Repaired Live

News Desk: Alex Plaskett and Robert Herrera on hacking Sonos

OpenClaw: The Viral AI Agent that Broke the Internet - Peter Steinberger | Lex Fridman Podcast #491

