Question on third-party hardware connected to WiFi

[Stg-Flame]

I just bought my girlfriend a Bose SoundTouch 2.0 for Christmas and I was just informed, the Bose needs to be connected to my WiFi at all times in order to play via Pandora and the like. Are there any security concerns with allowing something like this to be on my WiFi? Even smartphones have some form of security measures, but when I bring up the list of what all is connected to my network, I can access the SoundTouch from anything without being prompted with a security key.

Could someone potentially access my network through the SoundTouch?

 

[John Connor]

Doesn't your WIFI use WPA2 and have a password of at least 16 digits? That would make it so the soundtouch would need the password.

 

[VirtualLarry]

I'm a little confused, OP. Does the SoundTouch connect via WiFi to a router, or does a PC connect via WiFi to the SoundTouch? There should be encryption options either way.

 

[Stg-Flame]

It connects via WiFi to the router but I was just concerned it would be a vulnerability to my system and since I don't know much about security and WiFi systems, I thought I would ask the experts before exposing my system.

 

[John Connor]

What type of router is it? You should have a password.

 

[corkyg]

Wi-Fi can indeed be a hacker's freeway without proper security controls such as those mentioned above. Do not let your Wi-Fi become public Wi-Fi.

 

[Stg-Flame]

My router is a Motorola Surfboard and it came with the security passkey printed on the label under the router itself, so I assume it's secure - especially since I need that key every time I try to connect something to my router.

Thanks for all the information and I will welcome any additional information concerning WiFi security and vulnerabilities.

 

[John Connor]

So when you used the speakers did you have to type that key into the speakers? Because if you didn't the WIFI isn't secured. The best way to check if your WIFI is secured is through your laptop and clicking on the connection app in the task bar, there should be a lock next to your SSID (your WIFI name) if you even know what that is. Your network would most likely have the highest signal strength.

It is very important that your WIFI is secure because you are responsible for what goes through your network and if someone downloads child porn on your network the FBI will bang on your door.

Ii think you can access your modem by entering 192.168.100.1 into the address bar of your browser. If it asks for a password and user name try Admin.

Password: Admin

Username: Admin

Password: Just blank no password

Username: Admin

Those combinations.

 

[Stg-Flame]

The speakers are controlled by an app on her phone. She has to input the key in the app to make it work.

 

[John Connor]

Where is the signal coming from for the speakers? WIFI or the phone???

 

[unokitty]

My router is a Motorola Surfboard and it came with the security passkey printed on the label under the router itself, so I assume it's secure - especially since I need that key every time I try to connect something to my router.

Thanks for all the information and I will welcome any additional information concerning WiFi security and vulnerabilities.

Just checking... You're not using the default password are you?

Username and admin password:
Default IP login address: 192.168.0.1
Default Username: admin
Default Password: motorola

If you're not, just ignore this post...

Uno

 

[PrincessFrosty]

The main source of weakness would be in how the speakers/phone app store the Wifi password on the system, if someone steals the phone and jail breaks it and looks at the local storage, are they going to find the password stored in clear text? Probably, it might be encrypted but the encryption keys would also have to be on the device.

Also, mobile devices which have wifi passwords set to remember and to auto join (most do by default) beacon out the wifi they're looking to connect to. So if she has her phone at work for example, and its beaconing out requests, someone can put up a network with the same name and it will attempt to connect, that will cause a 4 way handshake to occur, the phone wont connect to it because the fake AP won't know the real wifi password, but the 4 way handshake does contain a hashed version of the password, this means you can do an offline dictionary attack against it.

You need a strong and unique password to the router and just remember that any wireless device you set to remember your wifi password and is set to auto reconnect is vulnerable to leaking the password if the password is weak (appears in a dictionary list)

 

[John Connor]

If your speakers got an automatic connection without setting the password in the speakers found at the bottom of the modem then it is NOT secured. Watch this video to set a password. I would use WPA2 not WPA. https://www.youtube.com/watch?v=erVEPbhwHos

 

[Stg-Flame]

Thanks for the additional information. I'll check out the video.