Disable internet/remote access?

[thatdoodle]

One of my friends came over yesterday, and connected to my unit through Spotify connect over my WiFi to stream some music.

After he returned home he was still able to connect to my unit and stream music to it as it appears under the "On other networks" section in Spotify connect. He's been using this to incessantly spam me with baby shark and as far as I can see it's impossible to prevent him from doing this or force disconnect him from the device. I can start streaming my own music via Chromecast but there is nothing to stop him from connecting again, kicking me off the device.

While I don't mind my friend playing a joke on me, it is annoying and I don't particularly like that the WiiM is accessible over the internet by anybody that has connected to my WiFi.

Is it possible to disable this remote play feature at all?I assume closing the inbound ports used by Spotify connect will fix this, but this is fairly advanced for most users so I'd appreciate if there could be a setting in the app to control this.

 

[Burnside]

Unfortunately that’s Spotify at fault, not WiiM, and it’s an often reported issue across a wide range of devices. Some see it as a significant security breach.

See this post for example, where it suggests trying to “log out everywhere” or connecting to the device using your account, not theirs.

[Security hole] Remote control devices on other networks through Spotify Connect

Hello community This is a serious security hole I've found on my Spotify Connect. If you have connected your Spotify to other devices, and now I'm able to control and connect that device even though I'm on an another network and on a far distance from the device. The below image shows that...

community.spotify.com

 

[hgo58]

One of my friends came over yesterday, and connected to my unit through Spotify connect over my WiFi to stream some music.

After he returned home he was still able to connect to my unit and stream music to it as it appears under the "On other networks" section in Spotify connect. He's been using this to incessantly spam me with baby shark and as far as I can see it's impossible to prevent him from doing this or force disconnect him from the device. I can start streaming my own music via Chromecast but there is nothing to stop him from connecting again, kicking me off the device.

While I don't mind my friend playing a joke on me, it is annoying and I don't particularly like that the WiiM is accessible over the internet by anybody that has connected to my WiFi.

Is it possible to disable this remote play feature at all?I assume closing the inbound ports used by Spotify connect will fix this, but this is fairly advanced for most users so I'd appreciate if there could be a setting in the app to control this.

This is a Spotify issue. Nothing WiiM can do about.

 

[Burnside]

I wonder if changing your device’s IP address might help?

 

[harkpabst]

In my experience, the device will eventually disappear (or at least he will no longer be able to actively connect to it). But I find this quite alarming, too.

 

[slartibartfast]

In my experience, the device will eventually disappear (or at least he will no longer be able to actively connect to it). But I find this quite alarming, too.

Aren't there settings to stop other Spotify accounts from connecting? Or do those settings just hide the device and any previously connected accounts can still connect. That's ridiculous.

 

[Burnside]

Aren't there settings to stop other Spotify accounts from connecting? Or do those settings just hide the device and any previously connected accounts can still connect. That's ridiculous.

No settings that I can see , and as I said it’s something that has been complained about for a long time by a lot of people.

 

[jfbuk]

I think this is a Spotify Connect issue and I would reach out to the Spotify community though I cannot see evidence of it ever being adequately answered

Why does Spotify Connect allow to stream outside my wifi?

I have a Bluesound Powernode with Spotify Connect. I was experiencing random music playback without me starting it. I found out that my daughter was able to see our device under the available devices list although she was at her home. She had unintentionally selected our device and wondered why...

community.spotify.com

 

[Burnside]

I think this is a Spotify Connect issue and I would reach out to the Spotify community though I cannot see evidence of it ever being adequately answered

Why does Spotify Connect allow to stream outside my wifi?

I have a Bluesound Powernode with Spotify Connect. I was experiencing random music playback without me starting it. I found out that my daughter was able to see our device under the available devices list although she was at her home. She had unintentionally selected our device and wondered why...

community.spotify.com

I’ve similarly never seen an adequate answer after years of questions like this in Alexa forums. Seemingly Spotify Connect is designed to do this. Lesson seems to be to not let guests use your WiFi to cast to your device in the first instance.

 

[Ronnie D]

One of my friends came over yesterday, and connected to my unit through Spotify connect over my WiFi to stream some music.

After he returned home he was still able to connect to my unit and stream music to it as it appears under the "On other networks" section in Spotify connect. He's been using this to incessantly spam me with baby shark and as far as I can see it's impossible to prevent him from doing this or force disconnect him from the device. I can start streaming my own music via Chromecast but there is nothing to stop him from connecting again, kicking me off the device.

While I don't mind my friend playing a joke on me, it is annoying and I don't particularly like that the WiiM is accessible over the internet by anybody that has connected to my WiFi.

Is it possible to disable this remote play feature at all?I assume closing the inbound ports used by Spotify connect will fix this, but this is fairly advanced for most users so I'd appreciate if there could be a setting in the app to control this.

I would return the favour. Go visit your friend and get his password and admin password for his router...?..
Just kidding.

 

[WiiMer SJ]

I would return the favour. Go visit your friend and get his password and admin password for his router...?..
Just kidding.

Let it go but remember the lesson. The novelty will dissipate.

 

[thatdoodle]

Hmm... A few people saying that nothing can be done on WiiMs side but as a network engineer I don't see a reason why it wouldn't be possible to add a setting which would stop listening on the ports Spotify connect runs over, or at the very least least prevent the device from advertising these ports to the routers UPNP service.
The only two that may cause issues for other services if closed are 80 and 443 since these are used for http/s, but I see no reason they should need to be opened inbound. It should only require outbound so the device can search for and download updates.

I will close these ports on my router and report back.

 

[jfbuk]

Hmm... A few people saying that nothing can be done on WiiMs side but as a network engineer I don't see a reason why it wouldn't be possible to add a setting which would stop listening on the ports Spotify connect runs over, or at the very least least prevent the device from advertising these ports to the routers UPNP service.
The only two that may cause issues for other services if closed are 80 and 443 since these are used for http/s, but I see no reason they should need to be opened inbound. It should only require outbound so the device can search for and download updates.

I will close these ports on my router and report back.

The reason we say that is because it a problem not confined to Wiim devices. Any device that act as a Spotify Connect endpoint can be sent audio, e,g Sonos Speaker, PC with the Spotify client app installed, etc.
It will interesting to hear how you get on

 

[Burnside]

The reason we say that is because it a problem not confined to Wiim devices. Any device that act as a Spotify Connect endpoint can be sent audio, e,g Sonos Speaker, PC with the Spotify client app installed, etc.
It will interesting to hear how you get on

…and whether that prevents your own use of Connect

 

[thatdoodle]

The reason we say that is because it a problem not confined to Wiim devices. Any device that act as a Spotify Connect endpoint can be sent audio, e,g Sonos Speaker, PC with the Spotify client app installed, etc.
It will interesting to hear how you get on

Unfortunately, the firewall on my router is not granular enough to block inbound ports for a specific destination IP/device MAC.

Using IPtables on my router I have tried dropping all connections to below destination ports;

57621,57622,4070,80,443 TCP
4070 UDP

Just in case my syntax is wrong i'll post my commands below

iptables -A FORWARD -p tcp --match multiport --dports 57621,57622,4070,80,443 -j DROP
iptables -A FORWARD -p udp --match multiport --dports 4070 -j DROP

Spotify is still able to connect remotely. Must be falling back to another port, but it's coming up to midnight and I don't have time to investigate further right now.

Without disabling upnp and running on a whitelist only basis it looks like blocking these connections is unfeasible for the average user.

 

[harkpabst]

If this approach had been successful (I didn't look at it in detail and did not try to verify/falsify it) and your router doesn't allow to define a whitelist based on MAC addresses, the result would still have been: No Spotify for you. Right?

It didn't sound to me like you're willing to take that disadvantage.