mattius
Leader
Registered since

Feb 15, 2017

Security, oh no you didn't again!

The post at the top of the Forums is very interesting to me. Having in the past raised many security concerns to Bose highlighting massive flaws in their Windows Software and speaker firmware, I can confirm Bose ignored all concerns on security with regards to your speakers!

I emailed both the UK and EU CEOs with my concerns, I got absolutely no response from them! Only when I pursued the matter on the forums with one of the moderators was something done. However, there are still many holes in the software!

We all know that the quality control of the recent Software releases is very poor, however they really don't help matters...

 

Take for example the latest release (17.170.82-2304): Bose have handily given all customers with the Windows Software on their PCs their development testing scripts, their build test script and a few other tidbits that should never make it to beta release, let alone customers!

Whilst none of what they have pushed to all customers this time is particularly dangerous so far that I have noticed, it is non-obfuscated code which gives those with an interest in that kind of thing a lot of info and potential ways to access the systems.

Come on Bose, take this seriously! There are enough articles in the media recently about your security and data security.

 

P.S. Say Hi to Lena, Jiaqui, lp17556, Prabhu and David on your dev team from me.

 

 

Jason_G
Community Manager - Retired
Registered since

Sep 2, 2014

Re: Security, oh no you didn't again!

Hey Mattius. Thanks for your interest around this issue. We're going to send you an email to follow up with you around these concerns.

Thanks!

mattius

Re: Security, oh no you didn't again!

@Jason_G yep, well I did get an email, yes, however it was just providing a secure way of communicating with Bose, no follow up, no content, no nothing. I did reply but as usual with Bose, it all went silent.

However I'm glad to see in the latest application update (83-2345) you silently removed all your development debug scripts off the end user's system (no app update announcement?). Thanks for them though, all these little tidbits you keep leaving lying around are helping no end decipher how it all works.

Brent_B
Moderator - Retired
Registered since

May 16, 2016

Re: Security, oh no you didn't again!

Hi mattius,

I spoke to the team today regarding this. They have advised that we will provide updates as they become available, via secure email from privacy and security.

Kind Regards
Brent - Bose Support

mattius

Re: Security, oh no you didn't again!

@Brent_B Whilst I thank you for your response, it's not really encouraging that your "security" department aren't interested in hearing about vulnerabilities in your code and systems. I reported the first lot of flaws over a year ago, never got a response, then again a couple of weeks ago, no response.

There's loads more fruity stuff in your software and I'm no hacker, I'm merely looking for reasons why the apps don't work like they are supposed to. Heck, I can discover most things just using notepad!