Yamaha YAS-109 Soundbar has Excessive Network Traffic
This is an appeal to any of you who is coding for, or otherwise developing connected devices, to put some extra thought into your network traffic. Maybe also a warning to consumers and an encouragement to us tech savvy people to monitor your connected devices.
I recently bought a soundbar for my TV, a Yamaha YAS-109. When I looked at my Pi-hole dashboard a few weeks later, I was surprised. The soundbar was by far the most active device on my network, event though it has mostly been “turned off” (standby mode).
Looking at what all these requests are, filtered on the soundbar only, shows the following.
Clearly it’s calling the Alexa service a lot and I want to point out that I have hit the mute button, that according to the manual, should ensure privacy (disable Alexa). The manual also states that I have to configure an Amazon account if I want to use the Alexa service, which I haven’t done.
Resetting Pi-hole statistics and just looking at a few minutes of traffic, I saw the following requests:
- ap.spotify.com (~14 times/min)
- avpro.global.yamaha.com (~8 times/min)
- avs-alexa-na.amazon.com (~8 times/min)
- www.google.com (~3 times/min)
- various NTP servers (~3 times/min)
Note that this was logged when the device was in standby mode and no traffic is blocked, so it shouldn’t be a bad retry logic gone wild. The soundbar has Spotify Connect, but I haven’t used that feature. Why it needs to contact www.google.com so often, or frankly - at all, is beyond my understanding. Although I have a bad habit of checking my wrist watch a bit too often, I think calling a time server several times a minute for a soundbar in standby mode is just ridiculous.
This isn’t the worst example of an Internet of Shit device, since the core functionality of being a speaker works perfectly fine without an Internet connection (that’s the way I run it now). I don’t know why it’s “calling home” so frequently, it might not be evil, but it sure abuses my network in a non-justifiable way.
So, if your company produces similar consumer electronics and especially if you’re writing the code for it, please don’t do this. If you’re not monitoring your home network, please do. Setting up Pi-hole is really simple!