Highlighted
Participant
  • 0
  • 1
  • 0
Registered since

Mar 1, 2017

BOSE STAFF, PLEASE UPDATE US ON THE BUG FOUND

Further to your announcement that the update was delayed.
"Unfortunately, we have been forced to delay the 14.0.30 release again. Another bug was discovered recently that will push the release back further than we had anticipated"

Can you comfirm if the said bug is of any malicious nature and if the users are under any potential risks of their systems being hacked or even worse personal data risks due to this bug.

I have just seen a post by a member called clinton reporting the following:

"Malicious Website Blocked" -- SoundTouch music server

All of a sudden my MalwareBytes program has been flashing me notifications that SoundTouch is malware.

 

" Smiley Sad Malicious Website Blocked"

IP: 239.255.255.250
C:\Program Files(x86)\SoundTouch...rver\SoundTouch music server.exe"

WE HAVE A RIGHT TO BE INFORMED IF THERE IS AN ISSUE HERE.

Thanks.



3 REPLIES 3
Highlighted
Collaborator
  • 12
  • 33
  • 0
Registered since

Feb 8, 2017

Re: BOSE STAFF, PLEASE UPDATE US ON THE BUG FOUND

The files blocked was

"a63e90f0-ff4d-11e6-bab1-3c970e13dc7e.json"

 

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain:
IP Address: 239.255.255.250
Port: [56926]
Type: Outbound
File: C:\Program Files (x86)\SoundTouch\SoundTouchMusicServer\SoundTouch Music Server.exe

 

Can someone Explain what they are sending ? or Trying to Send ?

 

BAT

Highlighted
Leader
  • 301
  • 316
  • 5
Registered since

Feb 15, 2017

Re: BOSE STAFF, PLEASE UPDATE US ON THE BUG FOUND

Don't get too excited by this,

 

239.255.255.250 is used by a thing called SSDP (Simple Service Discovery Protocall), think of it as the SoundTouch app sending a request out accross your network to get the speakers to notify themselves. Many different devices use this kind of service.

 

Im not sure why you have never seen this before? Its been used by the SoundTouch communications protocals forever.

Highlighted
Moderator - Retired
  • 0
  • 5748
  • 297
Registered since

Dec 5, 2016

Re: BOSE STAFF, PLEASE UPDATE US ON THE BUG FOUND

Hi all,

 

I responded to a previous user earlier today, I'll copy what I said to them:

 

239.255.255.250 is accessed by the SoundTouch music server via port 1900; It's used for Bose system detection on your network.  Sometimes antivirus and anti-malware software will detect programs as false positives and report them to be on the safe side.  Nothing to worry about!

 

239.255.255.250 is a local address in your network, and is used by the Bose systems and application so they can see each other (also known as SSDP).  For some reason, Malwarebytes is seeing it as potential malware, but we all know it isn't.

 

Thanks,

Brandon