Bluetooth Connection from Random Strangers (Hijacking Prevention)

Is there a way to stop outsiders in the audience from connecting to your S1 Pro system and playing music or anything they like through your discoverable bluetooth S1 Pro's?

I had this happen to me tonight at a gig in a major club who contracts us to perform there and luckily it was a friend who made us aware of this flaw in the Bluetooth speakers (it really cheesed of the staff and our other clients, and it caused me to go into a panic, as these are very new speakers to me and I'm just learning them, overall a very bad experience for all).

I thought to myself "SURELY" there has to be a way to prevent anyone scanning and finding these speakers via Bluetooth, like a code for them to access them or something?

Any wisdom from anyone here would be muchly appreciated.

You can plug a 3.5mm (1/8") cable into the AUX input and it will override any device paired via Bluetooth. I confirmed this in the manual on P. 9: "Note: Anything connected via the AUX input will automatically override any device paired via Bluetooth connectivity."

I believe the most recent firmware changes BT connection procedure that now mandates actually pushing the BT button to pair/connect?
Correct me if I'm wrong ST?

Are you playing music through them yourself? If so then as long as your device doesn't drop the connection nothing else can connect. If you are not then just turn the BT/aux volume to zero.

This post moved to S1 Pro Firmware Update 7.1.5 January 2020

@ST is there another Bose website that describes the contents of a S1 firmware release in more detail like a formal release notes? The Notes column on the site mentioned above is very high level. For example, exactly what is the new security feature(s) in the BT connection?

Hi, Yendor.

Yendor posted:

I believe the most recent firmware changes BT connection procedure that now mandates actually pushing the BT button to pair/connect?
Correct me if I'm wrong ST?

You have to press the Bluetooth button to put S1 Pro into pairing mode the first time you pair a device. After that...

You don't have to push the Bluetooth button to pair/connect if you have already paired the S1 Pro to a device.  When you turn the S1 Pro on, if there are paired devices in the Bluetooth device list, the S1 Pro will try to reconnect to the last device to which it was connected. If that fails and no connection is made, the S1 Pro becomes available for pairing (without you having pressed the Bluetooth button).

ST

Post moved to S1 Pro Firmware Update 7.1.5 January 2020

I think where this guy got in, was I connect the first speaker (in a line array of 3 Bose S1's) via Bluetooth, then I connect the other 2 via a cable from Aux out to Mic In to connect them.

To override the other 2 connections I just disconnect the Bluetooth and run them from the first speaker (that is connected via Bluetooth) and then Aux them through to the other 2 speakers.

So you're staying that by turning down the "BT/Aux" volume to zero that will stop someone hijacking the other 2 speakers that are still open to be discovered on their devices?

I purchased these at the end of January and 2 more only late Feb, would the latest updates be in them already for Jan 2020?

It will if you turn the aux/BT volume to zero on them as well. If the 'audience' has access to them then nothing you can do will prevent somebody persistent enough from hacking the system.

WRT latest firmware, I have no idea but Bose don't have a good record for updating fw when repairing and dealers may have had stock on the shelf for a while. It's easy enough to check using the 'Bose Connect' app and I understand the update is pretty painless if you connect via USB (less so using BT).

Hi Adam,

Adam posted:

Is there a way to stop outsiders in the audience from connecting to your S1 Pro system and playing music or anything they like through your discoverable bluetooth S1 Pro's?

The ONLY way to prevent this from happening is to set up a connection from a Bluetooth device that you control to the S1 Pro - and for that connection to be active. While your device is connected to the S1 Pro, nothing else can pair to it.

I had this happen to me tonight at a gig in a major club who contracts us to perform there and luckily it was a friend who made us aware of this flaw in the Bluetooth speakers (it really cheesed of the staff and our other clients, and it caused me to go into a panic, as these are very new speakers to me and I'm just learning them, overall a very bad experience for all).

I'm sorry to hear this. Someone connected to your S1 Pro and started playing music through it?

I thought to myself "SURELY" there has to be a way to prevent anyone scanning and finding these speakers via Bluetooth, like a code for them to access them or something?

Bose doesn't use pairing codes. The Bluetooth implementation on the S1 Pro is the same across all of the Bose devices that use the Bose Connect app (that's most of the Bluetooth enabled products available from Bose).  Most customers have an active Bluetooth connection running when they use their Bluetooth headphones or Bluetooth speakers.

This approach makes it easy to use the Bose Connect app to connect two Bose devices in Party Mode or Stereo Mode (and wouldn't be possible if you had to enter a code to create the pair).

Any wisdom from anyone here would be muchly appreciated.

Please use the Bose Connect app and rename all your S1 Pro devices to something that doesn't look tempting to people who might try to connect to it.  Don't use a name that includes "Bose" and a name that looks unintelligible will probably be less inviting than "Adam's awesome Bluetooth speaker #1".

Notes:

If the S1 Pro is powered on, the Bluetooth system is active.

Doing either of the following does NOT disable Bluetooth or prevent pairing. However, no Bluetooth audio will be heard.

• Inserting a plug into the Aux jack
• Turning down the Aux channel

Adam posted:

I think where this guy got in,

Okay - that sounds like it really happened - someone wandered by and paired and played content through your S1 Pro.  Nasty.

was I connect the first speaker (in a line array of 3 Bose S1's) via Bluetooth,

If you have an active Bluetooth connection to your phone or tablet or computer, with the latest firmware (version 7.1.5 right now), no one else can connect to your S1 Pro via Bluetooth.

Please check that you have the latest firmware. Please see: S1 Pro Firmware for instructions on how to update via USB (much faster than using the Bose Connect app).

then I connect the other 2 via a cable from Aux out to Mic In to connect them.

Sure that sounds fine.

We have some notes about this here: S1 Pro Daisy Chain

To override the other 2 connections I just disconnect the Bluetooth and run them from the first speaker (that is connected via Bluetooth) and then Aux them through to the other 2 speakers.

So you're staying that by turning down the "BT/Aux" volume to zero that will stop someone hijacking the other 2 speakers that are still open to be discovered on their devices?

Turning down the Aux volume does not prevent pairing. Neither does Inserting a plug into the Aux jack

I purchased these at the end of January and 2 more only late Feb, would the latest updates be in them already for Jan 2020?

It's unlikely that your S1 Pro systems had the latest firmware (7.1.5 released in January 2020).

The fastest way to check the firmware level and update if necessary is to  follow the instructions on this page S1 Pro Firmware

or

Use the Bose Connect app and check the Settings | Product Information.

I understand it may be difficult to prevent people from connecting to your three S1 Pro systems because it may not be convenient to have active Bluetooth connections to all three of them. You can prevent the unwanted connections from actually playing music through your S1 Pro systems by turning off the Aux volume on all three units.

You can use the Bose Connect app to terminate and remove unauthorized connections.

People have asked about the possibility of people connecting to our S1 Pro systems here in the community but there have been very few reports of it actually happening. I'm sorry, it sounds like it happened to you. We have discussed the concern with the Bose product, service, and engineering teams. Adding security codes to Bluetooth connections would make it impossible to use the Bose Connect app to connect to set up Party Mode and Stereo Mode for multiple devices.

I'm sorry I don't have a better answer for you.

ST

There's one option not yet mentioned: turn the Bluetooth interface off

Right after power up if you hold the Bluetooth button down for ~10 seconds the blinking will stop and the Bluetooth light will go out. The system will restart when it comes back up, Bluetooth will be off. In fact the next time you power up Bluetooth it will still be off. You will need to hold the Bluetooth button down for ~3 seconds get Bluetooth to come back on.

Also, if a device is already connected to the S1, holding the Bluetooth button down for ~3 seconds will disconnect it and put the S1 back in pairing mode. Keep holding the Bluetooth button down for another ~10 seconds and the system will restart and come back up with Bluetooth off.

With my iPhone once I have done any of the above I have to tell the iPhone to "Forget this device" for the Bose S1 device I was using and then (and this is critical) turn Bluetooth on the phone off and back on again. A new Bose S1 device will appear on the phone's list of devices. Select the new Bose S1 device and it should connect.

I just tried this again with the 7.1.5 firmware and it still works. I didn't check but I'm pretty sure this is documented in the User Manual.

Hope this helps.  _Roger

Hi, Roger.

Thanks for adding this point.

I shouldn't write these complex replies from memory. I forgot about clearing the Bluetooth device list - because it's inconvenient if you have several devices paired to the S1 Pro.  

Clearing the Bluetooth Device List

Press and hold the S1 Pro Bluetooth button until the light goes out and this will clear the Bluetooth device list. At this point, no Bluetooth connections can be made until you create a new paired connection.

This means that any devices (phone, tablet, computer) that you had previously paired to the S1 Pro will not be able to connect until you forget the connection (remove the S1 Pro from the device list) and then go through the pairing process.

To initiate pairing when the S1 Pro has no paired devices in the Bluetooth device list, you must press and hold the S1 Pro Bluetooth button until it blinks (approximately 3 seconds). Pairing cannot be initiated remotely.

To all, you can read more at here  S1 Pro Bluetooth

ST

rpease, this is exactly how I think I will do it... Turn off the other auxiliary connected S1's connected via the aux cable and just use bluethooth on the main first S1 pro in the chain.

As I don't have the latest and greatest iPad I cannot use the Bose connect app fully, so have to create work arounds, till I can get a newer iPad that supports them fully and the Bose app fully.

I'm not even sure if there is a way to rename them all with my existing iPad, so they're not all Bose S1 Pro, that might also deter would be hackers.

My other question is, how to rename the Bose speakers so they don't say "Bose S1 Pro" I tried this in my bose connect app and they don't come up with my new name in my other bluetooth devices that control that speaker, they still show as "Bose S1 Pro" not the new name I called it from my bose connect app in my phone.

So for example, when I go to my iPad and search for the bluetooth device, even though I've made a big long name for the bose speaker in the connect app, my iPad still shows as "Bose S1 Pro"?

Not sure how to change this or why it's not working?

I also cannot download the Bose Connect App as my iPad is too old apparently, and it won't update to Apple 11 update... Any workarounds that you know of I'd be so grateful (as I don't particularly want to update my 3 other iPads that back each other up with 3 new ones, just so I can download and use the Bose Connect App).

This is indeed a bit frustrating, locking us into using new technology if the above is the case and needing a new iPad.

This s not a new problem and is mostly, but not entirely, Apples fault for only including the minimum of legacy support in iOS and insisting that only apps that are signed off for the latest iOS can be accessed through the app store. I am in a similar situation with my Mackie Master Fader software. The mixer will work happily with old firmware and app (MF2/Classic, the two have to match) but the old app will not run on my new iPad/Phone and the newest app/fw (MF5) will not run on my two older iPads due to their iOS version being maxed. Mackie, for a while, did have two versions of the app on the app store one to cater for older iPads but that has now gone. Fortunately MF4 will run on all my iPads so I'm currently ok for a while at least (and it can be done, please note Bose). TBF I have had my Mackie DL for 7 years and fully expect it to be my most used desk until I finally hang up my mic leads.

Hi Adam,

Adam posted:

My other question is, how to rename the Bose speakers so they don't say "Bose S1 Pro" I tried this in my bose connect app and they don't come up with my new name in my other bluetooth devices that control that speaker, they still show as "Bose S1 Pro" not the new name I called it from my bose connect app in my phone.

So for example, when I go to my iPad and search for the bluetooth device, even though I've made a big long name for the bose speaker in the connect app, my iPad still shows as "Bose S1 Pro"?

Not sure how to change this or why it's not working?

Please see my notes below. I just went through the process.

I also cannot download the Bose Connect App as my iPad is too old apparently, and it won't update to Apple 11 update...

This is the information from the Apple App Store.

You should be okay with iOS 11.

Any workarounds that you know of I'd be so grateful (as I don't particularly want to update my 3 other iPads that back each other up with 3 new ones, just so I can download and use the Bose Connect App). 

This is indeed a bit frustrating, locking us into using new technology if the above is the case and needing a new iPad.

When you first set up the connection you

• Pair the S1 Pro with the iPad
  • S1 Pro in pairing mode
  • iPad
    • Settings
      • Bluetooth
      • When you see Bose S1 Pro connect to it
• Start the Bose Connect app
  • Select the Bose S1 Pro
  • It should pop up with a message to Nickname it
  • Enter a new name (e.g. "boring device",
  • Tap Continue
• From that point on, the iPad and other Bluetooth devices should see it as "boring device" [I just double-checked the steps as I was typing this]

If you want to change the name later,

• Start Bose Connect
• Connect to the S1 Pro
  • Tap the gear icon (top right)
  • Tap Name (you will see Nickname It)
  • Tap the old name
  • Enter a new name
  • Tap Continue

Can you change the name now?

ST

Unfortunately my iPad 2 & 3 are  maxed out at iOS 9 

TBF that is an Apple issue not Bose's problem.

I can change the name now, it turns out my iPad is only ios 10, so it won't work.

So I've used my android device phone to download it and use that, I can change the name on 3 of my 4 S1's.

But...

The 4th one, I sync it up, change the nickname, then the download updater downloads (and takes forever) and when it gets to the last 99th%, it starts all over again...

This is a real bummer as I have no idea how to update my 4th S1 Pro to the latest version.

I notice there is a service port for these speakers, is there a way to download this update and install it manually from my computer?