Blog English

HEOS has an issue – others can switch on/off your speaker


HEOS has an issue.

There is a security breach.
If you pair your HEOS account with Google Home, what happens it pulls in the list of devices from your HEOS app.
Yes that is correct.
Screenshot from Google Home and Heos devices
Screenshot from Google Home and Heos devices
that is not the end of story.
Are you buying your HEOS speaker from Amazon second-hand?
Or from whatever dealer, who maybe set up that speaker previously?
HEOS start playing loud in the middle of the night
Be aware that whoever paired and setup the speaker prior to your usage, they will see it in their Google home.
They will NOT see it in their HEOS app anymore, however they will see it in Google home, and they will be able to manage your speaker.

Sudden loud night music in your home switched on by someone else

Practically speaking if you calmly sleep, it can happen that you will suddenly wake up on full volume of your audio.
Or if you are on vacation, your neighbors will not be happy, that your audio in your house or apartment can just randomly be switched on by someone on full volume, and can for example shout whole period  even 1 -2 weeks while you are away.
Crazy right?

Not owned devices, still visible in your home

In bellow screenshot I can see my previously owned HEOS devices (HEOS Bar and Heos Subwoofer).
Both of them are renamed to different name, by their new owners I assume.
One is renamed to Esszimmer (dining room), so we know the new owner is German speaking person
Another device Subwoofer is located upstairs.
Do I want to switch them on or off? 🙂  With Amazon prime it shall be possible.
Screenshot from Google Home and Heos devices
Screenshot from Google Home and Heos devices

HEOS got the information – it was reported

DENON HEOS got reported this issue at least in April 2019 – via their customer support center, and also at their local branch. 
They first answered it is my fault, that i have to reset all my current devices  and also before re-selling them further.   (or before returning them to Amazon)
But that cannot be the case. Manufacturer and APP provider need to keep that responsibility
So far no progress, no change in APP behaviour.
End of June 2019, Heos blames Google for it, and advises that I contact Google about this.
This seems ridiculous, it cannot be Google mistake to pull the list of devices from HEOS APP.  Google cannot have access to such data, that shall not be there anymore.
That would say the devices were not unlinked from previous account.
HEOS Local branch mentioned, they now realized  they see all devices they ever configured.
Or do they keep the history of owners and all speakers they ever owned?
That may be that they do not comply with European GDPR either.

What next?

What next ? Lets see, HEOS was informed about that at least by April 2019.
Now End of June2019 HEOS advised to contact Google for it, which seem ridiculous, HEOS must forbid google to pull old information from their HEOS APP . But why HEOS keeps old information? Or does Google keep old info about devices? I did not witness this with other apps hubs.
This is IoT and cloud topic, which needs to be addressed. Many companies, either underestimate it, or even have ignorance to such topics.
This one is a good example of what needs to be handled.
I will update on this topic, once I have update.
Back to top button