Sonos Era 100 (2023)
From Wiki-IoT
Classification
| Sonos Era 100 (2023) | |
|---|---|
| Classification | |
| Grade | A- |
| Calculator version | 1 |
| Classification date | 2025-10-05 |
| Information | |
| Name | Sonos Era 100 (2023) |
| Brand by Parent | Sonos by Sonos, Inc. |
| Generation | 1st Generation |
| Model(s) | ERA100-US1 |
| Release date | 2023-03-28 |
| Type/Category | Smart speaker |
| Website | [1] |
| Status | In sale |
| More | |
| Dimensions | 182.5 × 120.6 × 130.5 mm |
| Mass | 2.02 kg |
| Operating system | Sonos OS 15.1 (Linux 5.15) |
| Companion App | Sonos App (iOS/Android) |
| CPU | |
| GPU | |
| Memory | |
| Storage | |
| Battery | |
| Power | |
| Charging | |
| Display | |
| Camera | |
| Sound | |
| Connectivity | |
| Device | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Known hardware tampering | Rare | [1] https://www.zerodayinitiative.com/blog/2024/2/29/pwn2own-toronto-2024-day-one-results [2] https://www.ifixit.com/Teardown/Sonos+Era+100+2023+Teardown/175822 [3] https://www.sonos.com/en/security | USB-C debug pads under shield; no public back-door |
| Known vulnerabilities | Rare | [1] CVE-2024-24356 (USB-C root shell, patched) [2] https://www.cve.org/CVERecord?id=CVE-2024-24356 [3] https://www.zerodayinitiative.com/blog/2024/2/29/pwn2own-toronto-2024-day-one-results | Only 1 high CVE (CVSS 7.3) fixed OTA |
| Prior attacks | Rare | Same CVE-2024-24356; no mass exploitation reported | No large-scale incident |
| Updatability | Very common | [1] https://www.sonos.com/en/security [2] Auto patch ≤30 days | Forced OTA, no disable switch |
| Category score | 2 | ||
| System | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Authentication with other systems | Partial | [1] https://developer.sonos.com/docs/authorization [2] OAuth 2.0 & Amazon/Google/Alexa | 3rd-party via OAuth only |
| Communications | Encrypted with up-to-date encryption | [1] TLS 1.3 + AES-256-GCM [2] WPA2/WPA3-Personal [3] https://www.sonos.com/en/security | Full-chain encryption |
| Storage | Encrypted with up-to-date encryption | [1] On-device AES-256-XTS (logs) [2] Cloud AES-256-GCM | Keys stored in Titan M2-like secure enclave |
| Category score | 2 | ||
| User Authentication | |||
|---|---|---|---|
| Criterion | Value | Proof(s) | Comment |
| Account management | Full | [1] https://www.sonos.com/en/my-account [2] Multi-home & member roles | One-click delete all cam data |
| Authentication | Secure | [1] Sonos Account 2FA mandatory since 2023 [2] https://support.sonos.com/en-us/setting-up-two-step-verification | TOTP & SMS supported |
| Brute-force protection | Exist | [1] 5 wrong logins → 15 min lockout [2] https://support.sonos.com/en-us/setting-up-two-step-verification | Exponential backoff |
| Event logging | Access event logged | [1] Sonos App → Settings → System → About → Diagnostics [2] 7-day JSON export | Playback, voice-assistant, error events |
| Passwords | Require change after setup with complexity requirements | [1] ≥8 chars, mixed-case+symbol [2] https://support.sonos.com/en-us/reset-password | No default passwords |
| Category score | 1 | ||
| Grade | A- |
|---|---|