BOSE SoundTouch systems are connected wireless speakers that let you play music directly from a phone or tablet using Bluetooth, or connect the speaker to your Wi-Fi network for instant in-home listening.

All modern connected speakers let you integrate various music services for an enhanced music experience. These are the services you can connect a Bose speaker to:

[Images: BOSE SoundTouch devices; BOSE music services]

Most of these services use OAuth 1.0 or 2.0, depending on the service, and they retrieve the token that lets you push/pull your music and personal content from one of these services.

Bose SoundTouch App --> Log in to music service --> OAuth2 (retrieve secret token) --> Store token in your iOS/Android app --> Make requests via speaker/app to retrieve music

[Image: Bose App]

[Image: Pandora XSS]

Similarly, various other music services can be used for cross-site scripting in the connected devices/speakers, because the devices rely on the music service APIs to sanitize user input. APIs in general never sanitize the output, and it gets fed directly into the BOSE music app and services, making them vulnerable to a number of attacks.
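
The mitigation on the consuming side is to treat every field returned by a music service API as untrusted and encode it at the point of output. The following is an added example, not code from the Bose app or any music service; the field names (`stationName`, `artist`, `track`), the sample response and the assumption that the app renders metadata into HTML are all constructed for illustration.

```javascript
// Added example: encode music-service metadata for the HTML context before
// the app UI renders it. Field names and sample data are constructed.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode a value for use in HTML text or inside a quoted attribute.
function escapeHtml(value) {
  const text = value == null ? '' : String(value);
  return text.replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: trusts the upstream API to have sanitized the fields.
function renderNowPlayingUnsafe(item) {
  return `<li title="${item.stationName}">${item.artist} - ${item.track}</li>`;
}

// Hardened pattern: every field is encoded where it is written out.
function renderNowPlayingSafe(item) {
  return `<li title="${escapeHtml(item.stationName)}">` +
    `${escapeHtml(item.artist)} - ${escapeHtml(item.track)}</li>`;
}

// Count element start tags in rendered output. The template itself
// contributes exactly one (<li>); anything more came from the data.
function countOpeningTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed API response: the station name was chosen by a user of the
// music service and contains markup that closes the title attribute.
const sampleItem = {
  stationName: 'Road Trip"><script>alert(1)</script>',
  artist: 'AC/DC & Friends',
  track: "Rock 'n' Roll",
};

console.log('unsafe tags:', countOpeningTags(renderNowPlayingUnsafe(sampleItem)));
console.log('safe tags:  ', countOpeningTags(renderNowPlayingSafe(sampleItem)));
console.log(renderNowPlayingSafe(sampleItem));
```

The same rule applies wherever the metadata is written: pick the encoder for the output context (HTML body, attribute, URL, JavaScript string) rather than relying on one filter applied upstream.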