No, you’re not going crazy—you really might have been hearing ghost sounds or Alexa commands coming from your Sonos or Bose speakers.
According to Wired, certain models of the Internet-connected speakers are vulnerable to audio hijacking, meaning that hackers can remotely gain access to your speakers.
The Sonos Play:1, Sonos One, and Bose SoundTouch system are reportedly among those that can be hacked. Wired explains that the speakers are “pinpointed online with simple Internet scans, accessed remotely, and then commandeered with straightforward tricks to play any audio file that a hacker chooses.”
But the speakers should only be vulnerable if you have a compromised device on your home network or if you’ve opened your network to provide access to an external server to host games or share files. Left open, scanning tools can easily identify the exposed speakers, allowing hackers to tap in and play whatever sounds they want.
These exposed devices aren’t just vulnerable to aural hacking. According to Wired, hackers could also gain access to information like what the speaker is playing, or the account username on services like Spotify and Pandora. In some cases, they could even determine IP addresses and device IDs of the devices connected to the speaker.
While Wired offered reassurances that very few speakers should actually be susceptible to such attacks, Sonos reportedly pushed out an update that limits the amount of accessible data should a hack occur. Bose has not yet taken action, Engadget notes.