
Bose Soundtouch


'Hackers can remotely control thousands of Sonos and Bose speakers'

'Security experts at Trend Micro have demonstrated that certain models of Sonos and Bose speakers are affected by vulnerabilities that could allow attackers to hijack them.'

So how do we hack them? See below! :-)

While the USB cable is plugged in, browse to:

Choose your "Update.stu" file and hit upload

The upgrade takes ~3 minutes. Once it is done, browse to your Bose SoundTouch device's IP address and hit upload, and once that is done, do as below:


A simple port scan gives the result below (IMPORTANT: the USB cable must be plugged in):

  thinkpad /home/wuseman # nmap -p0- -T5
  Starting Nmap 7.80 ( ) at 2019-10-27 03:54 CET
  Nmap scan report for
  Host is up (0.0066s latency).
  Not shown: 65515 closed ports
  82/tcp    open  xfer
  8080/tcp  open  http-proxy
  8090/tcp  open  opsmessaging
  8091/tcp  open  jamlink
  17000/tcp open  unknown
  17004/tcp open  unknown
  17005/tcp open  unknown
  17008/tcp open  unknown
  17018/tcp open  unknown
  30030/tcp open  unknown
  30031/tcp open  unknown
  40002/tcp open  unknown
  40003/tcp open  unknown
  40030/tcp open  unknown
  40031/tcp open  unknown
  44149/tcp open  unknown
  49240/tcp open  unknown
  49916/tcp open  unknown
  49935/tcp open  unknown
  57376/tcp open  unknown
  59994/tcp open  unknown
  MAC Address: B2:D1:XB:5E:87:65 (Unknown)

  Nmap done: 1 IP address (1 host up) scanned in 4.13 seconds

Now we try to connect to each open port and see which ones accept a connection:

  wuseman@thinkpad ~ $ telnet 82
  Connected to
  Escape character is '^]'.
  GET /index.html
  Connection closed by foreign host.

  wuseman@thinkpad ~ $ telnet 8080
  Connected to
  Escape character is '^]'.
  get /update.html
  GET /index.html
  Connection closed by foreign host.

Same result on 8090 and 8091, but on 17000 we got a shell, bingo!!

  wuseman@thinkpad ~ $ telnet 17000
  Connected to
  Escape character is '^]'.
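
For auditing your own network against the exposure shown above, this added example (not part of the original write-up) parses nmap's normal output and flags any host where port 17000 is open, plus any open port outside a baseline. The sample scan text, the 192.0.2.x placeholder addresses and the `ALLOWED` baseline are assumptions constructed for illustration.

```python
import re

# Constructed sample in nmap's normal output format. The first host repeats
# some port lines from the scan above; 192.0.2.x addresses are placeholders.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host is up (0.0066s latency).
82/tcp    open  xfer
8080/tcp  open  http-proxy
8090/tcp  open  opsmessaging
17000/tcp open  unknown
17004/tcp open  unknown
Nmap scan report for 192.0.2.20
8090/tcp  open  opsmessaging
17000/tcp closed unknown
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
SHELL_PORT = 17000   # port where the write-up got a shell over telnet
ALLOWED = {8090}     # hypothetical baseline; replace with your own allowlist

def parse_open_ports(text):
    """Return {host: {port: service_name}} for ports nmap reports as open."""
    hosts, current = {}, None
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            current = hosts.setdefault(m.group(1), {})
        elif current is not None and (m := PORT_RE.match(line)):
            port, _proto, state, service = m.groups()
            if state == "open":
                current[int(port)] = service
    return hosts

def audit(hosts, allowed=ALLOWED, shell_port=SHELL_PORT):
    """Return (host, port, severity, reason) tuples for ports off the baseline."""
    findings = []
    for host, ports in sorted(hosts.items()):
        for port, service in sorted(ports.items()):
            if port == shell_port:
                findings.append((host, port, "critical", "shell port from the write-up is reachable"))
            elif port not in allowed:
                # Without -sV the name is only a port-number table lookup.
                findings.append((host, port, "review", f"not in baseline (nmap label: {service})"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_open_ports(SAMPLE)):
        print(*finding, sep="\t")
```

Service names such as `opsmessaging` or `jamlink` come from nmap's port-to-name table when no version detection is run, so they say nothing about what is actually listening on the device.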

A video while playing around with some commands



Last update: August 10, 2022
Created: August 10, 2022