PewDiePie fans strike yet again, Sonos speakers hacked.

[kting15]

I'm already tired of this.

[Theminecraftaddict555]

I'll be dying of laughter when the fans realize that t-series will still top pewds with their bots. 

[Trixanity]

At this point I think it's more about not giving the number one spot to a corporation rather than PewDiePie zealotry.

 

It would be a huge precedent to set that corporations would surpass the content creators that built up YouTube. Many consider it to be hijacking. It's hard for a single person (or small team) to compete against a media corporation who theoretically has an audience of one billion (my understanding is it's the vevo of India) and billions in financial backing.

[Okjoek]

8 hours ago, Abdul201588 said:

Sigh... The poor average consumer just installs their tech with the default settings and calls it a day.. nothing to do with the company or their products. I make sure that anyone that wants to buy products that connects to a network or to the internet they must see if you can change the default password and username. If a product doesn't allow you to change passwords then DO NOT BUY IT.

 

 

What do you need connected to the internet besides a PC and smartphone? I don't get it.

[Sir Asvald]

3 hours ago, Okjoek said:

What do you need connected to the internet besides a PC and smartphone? I don't get it.

Well, just like Alexa and other devices they need to be connected to the internet so you can order stuff, listen to music etc. I believe with these speakers, they use their own streaming service.

[ShmoeMo]

12 hours ago, Speed Weed said:

That person will get arrested. Government agencies don't have time to deal with Pewdiepie vs T-Series drama prank. 

 

These fans are messing with the good people. Wait until these fans begin to messing with the bad guys on the deepweb that are making malware for money. 

 

 

If they didnt need to crack any passwords or find any exploits to be able to get into it they cant be arrested. As they technically havnt done anything wrong

[Canada EH]

12 hours ago, Speed Weed said:

That person will get arrested. Government agencies don't have time to deal with Pewdiepie vs T-Series drama prank. 

Maybe, but who knows. Donut shops and easy targets seem to be their M.O.

There has been more serious violations, yet they allowed them to slide.

[TomatoSenpai]

12 hours ago, Drak3 said:

These shitheads advertising for this overrated shitshow of a channel is getting really old really fast.

Underrated comment here.

 

12 hours ago, kennymccormick said:

Yeah messing with GTA, printers or speakers is pretty innocent but when they start messing with government systems that would take it way too far.

Sadly, but I have hope: This "meme" war will end soon, just a waste of time.

[Speed Weed]

52 minutes ago, ShmoeMo said:

If they didnt need to crack any passwords or find any exploits to be able to get into it they cant be arrested. As they technically havnt done anything wrong

Hacking the government system is against the government law. 

[ShmoeMo]

8 minutes ago, Speed Weed said:

Hacking the government system is against the government law. 

like i said, If there is no security on it and you can just log straight in without password or username (not hacking) there is nothing they can do as you did nothing illegal  and it is there own fault for leaving it open

[Speed Weed]

19 minutes ago, ShmoeMo said:

like i said, If there is no security on it and you can just log straight in without password or username (not hacking) there is nothing they can do as you did nothing illegal  and it is there own fault for leaving it open

The national emergency alert system need password and username to log in. I don't think the government leave this system without any protection at all. 

[Okjoek]

1 hour ago, Abdul201588 said:

Well, just like Alexa and other devices they need to be connected to the internet so you can order stuff, listen to music etc. I believe with these speakers, they use their own streaming service.

WTF is the point of that? Why don't they just order shit on a computer like I do.

 

And IDK if they have mp3 players that can access the internet, but I just have an old cheapo mp3 player with all my saved music I can hook up to a pair of speakers.

 

SMH What's wrong with people.

[ShmoeMo]

19 minutes ago, Speed Weed said:

The national emergency alert system need password and username to log in. I don't think the government leave this system without any protection at all. 

you missed my point entirely

[Speed Weed]

1 minute ago, ShmoeMo said:

you missed my point entirely

I am talking about the national emergency alert system that the other user stated. I am not talking about the non log in government system. 

[DragonTamer1]

This is getting out of hand.

[ShmoeMo]

44 minutes ago, Speed Weed said:

I am talking about the national emergency alert system that the other user stated. I am not talking about the non log in government system. 

Derp, my bad. When i originally responded it wasnt showing that you responded to someone. It just showed as a regular comment for me.

[D13H4RD]

Like that will ever get me to subscribe to the Pewds. 

[mr moose]

3 hours ago, ShmoeMo said:

If they didnt need to crack any passwords or find any exploits to be able to get into it they cant be arrested. As they technically havnt done anything wrong

I dare say the US government don't care if what you did was technically illegal or not, they have the anti terror laws and that means no rights for you.

[ZacoAttaco]

What do they mean by ‘incorrectly configured networks’? Surely not that their network simply doesn’t have an password but that it’s ‘public’ for some reason...

[Sir Asvald]

4 hours ago, Okjoek said:

WTF is the point of that? Why don't they just order shit on a computer like I do.

 

And IDK if they have mp3 players that can access the internet, but I just have an old cheapo mp3 player with all my saved music I can hook up to a pair of speakers.

 

SMH What's wrong with people.

Well people think is a convenience, I think it's stupid. I mean if you have a secure WiFi password and you use 2FA for your accounts stuff like this would not happen...but again, the average use wouldn't know how to change passwords.. For me, I'd never get something like this.

[Sir Asvald]

3 hours ago, ZacoAttaco said:

What do they mean by ‘incorrectly configured networks’? Surely not that their network simply doesn’t have an password but that it’s ‘public’ for some reason...

Oh boy, when people get the routers and modems or combo (router/modem). They just plug it in and it works, they don't think it'll be a problem. I used to test people's home "network" but it's so easy to hack because a some named brand actually used the same default password and username on their low end WiFi router...

[ZacoAttaco]

49 minutes ago, Abdul201588 said:

Oh boy, when people get the routers and modems or combo (router/modem). They just plug it in and it works, they don't think it'll be a problem. I used to test people's home "network" but it's so easy to hack because a some named brand actually used the same default password and username on their low end WiFi router...

I guess in the same sense, they should probably change their default router IP address and admin password. Most people generally leave it the same and it gives you a lot of power and control of the router and thus the network itself.

 

EDIT: If you know what brand their router is, you can probably work out the default IP address. People have no idea.

[Sir Asvald]

41 minutes ago, ZacoAttaco said:

I guess in the same sense, they should probably change their default router IP address and admin password. Most people generally leave it the same and it gives you a lot of power and control of the router and thus the network itself.

 

EDIT: If you know what brand their router is, you can probably work out the default IP address. People have no idea.

the thing is. They don't know how to.. I mean there are some companies that have a manual on how to show it, but do people care?

[kennymccormick]

57 minutes ago, ZacoAttaco said:

I guess in the same sense, they should probably change their default router IP address and admin password. Most people generally leave it the same and it gives you a lot of power and control of the router and thus the network itself.

Just found this guy's twitter:

https://twitter.com/HackingMoth

 

He posted a thread explaining the cause of the hack (not the hack itself though) and says that it's because people had open inbound ports (specifically 1400), listing their networks on the public internet. If that's true than it has nothing to do at all with cracking or default password or with how good your WiFi password is. I am just wondering if people unknowingly opened the ports themselves or if it was the Sonos device that did it using UpNp.

 

I use Sonos myself aswel and tried to get into this configuration page he's talking about. It's damn easy, all I did was type in the Ipv4 of my Sonos device and adding :1400 to the adress in google chrome and I was shocked to see that I was into the setup page, listing all my connected devices and active speakers. There was no login page at all!?

 

EDIT:

I didn't find any open ports in my router that I didn't know of and port 1400 is closed so I highly doubt Sonos devices forward themselves.

Edited December 8, 2018 by kennymccormick

[LAwLz]

On 12/7/2018 at 4:04 PM, williamcll said:

I wished I was this good at hacking.

It's not hard.

 

1) Find some device you want to exploit, like Sonos.

2) Google and find the default port used for web management, as well as the default login information.

3) Go to shodan, or use a tool like Nmap and look for IPs which has that port open.

4) ???

5) Profit!

 

Just remember that this is probably illegal in the country you're in. Things like Nmap is super useful for testing your own network and pen-testing though.

 

 

 

23 hours ago, ShmoeMo said:

If they didnt need to crack any passwords or find any exploits to be able to get into it they cant be arrested. As they technically havnt done anything wrong

Depends on the country, but for example the UK has a law which makes it illegal to access computer material which you are unauthorized to access.

Other countries have similar laws in the vein of "knowingly accessing systems you are not authorized to view is illegal".

 

 

 

15 hours ago, ZacoAttaco said:

I guess in the same sense, they should probably change their default router IP address and admin password. Most people generally leave it the same and it gives you a lot of power and control of the router and thus the network itself.

 

EDIT: If you know what brand their router is, you can probably work out the default IP address. People have no idea.

Just a heads up, changing the "default IP" of your router adds no extra layer of protection. Run ipconfig in cmd, scroll until you find "Default Gateway". That will be the router's IP. Your computer needs this information (and your router/DHCP server) willingly provides it to anyone who connects to your network. Otherwise devices on the network wouldn't know where to send packets addressed to the Internet.

 

 

 

 

14 hours ago, kennymccormick said:

EDIT:

I didn't find any open ports in my router that I didn't know of and port 1400 is closed so I highly doubt Sonos devices forward themselves.

I don't think they open ports for themselves either. I don't get why they would do that.

It's probably just, as the moth said on Twitter, people who has their routers in bridge mode.