Announcements

Help Wizard

Step 1

NEXT STEP

FAQs

Please see below the most popular frequently asked questions.

Loading article...

Loading faqs...

VIEW ALL

Ongoing Issues

Please see below the current ongoing issues which are under investigation.

Loading issue...

Loading ongoing issues...

VIEW ALL

Who Me Too'd this topic

Can’t revoke remote control of Spotify Connect speakers

Avatar of elance
Casual Listener
2020-09-25 06:14 PM

Plan: Premium

Country: USA

Device: Marantz AV7704, Denon HEOS1

Operating System: Embedded in speaker/processor; Any computer/device running Spotify app

 

My Question or Issue:

I HOPE I AM WRONG, BUT THIS IS BAD.

 

ANY SPOTIFY USER WHO HAS EVER ACCESSED MY SPOTIFY CONNECT CAPABLE SPEAKER / EQUIPMENT / PLAYBACK DEVICE CAN HIJACK IT AT ANY TIME FROM ANYWHERE.

 

THIS ISN’T JUST THOUGHTLESS DESIGN, THIS IS IRRESPONSIBLE.

 

I hope I’m wrong.  There appears to be no way to revoke remote control of a Spotify Connect playback device / speaker / stereo / etc without being able to access the app / account on the phone / computer / etc that has previously accessed the equipment and played content through it.

 

Any Spotify user who joins my Wi-Fi network can discover and connect to my equipment and play music through it, whether I want them to or not.  I can’t limit speaker remote control access only to my phone or computer, or specific ones that I choose.  That is BAD.

 

Furthermore, even after they leave my Wi-Fi network, from anywhere in the world, they can turn my equipment on and play any content they want at any time, at any volume.  They can even interrupt what I am currently listening to, take over my equipment, and blast anything they want into my space.  They can play objectionable content to children, they can wake me and my neighbors in the middle of the night, they can play at excessive volumes and blow out my equipment.  That is WORSE.

 

THIS IS A HUGE SECURITY HOLE IN SPOTIFY CONNECT THAT NEEDS TO BE CORRECTED IMMEDIATELY.

 

I can completely disconnect my equipment from the network but then I lose all functionality.  My equipment allows me to disable remote access when the unit is in Standby / Off mode, but that doesn’t stop it from being hijacked when it is on and being used (most of the time).

 

HOW CAN I FIND OUT WHICH SPECIFIC SPOTIFY USERS HAVE THE ABILITY TO HIJACK MY EQUIPMENT AND HOW CAN I SELECTIVELY REVOKE ACCESS, PREVENTING UNWANTED USERS FROM ACCESSING MY EQUIPMENT BEHIND MY FIREWALL ON MY PRIVATE NETWORK VIA SPOTIFY’S UNSECURED NETWORK SERVICES??!!

 

HOW CAN I DISABLE ACCESS TO SPOTIFY CONNECT ON THIS EQUIPMENT UNTIL THIS MAJOR SECURITY PROBLEM IS CORRECTED??!!

Labels:
4 people had this problem.
Who Me Too'd this topic