Spotify Knows What TV You Have
Posted April 30, 2017; 2 min read
I was playing around with WireShark today and sniffing my home network when I noticed some interesting HTTP requests, similar to the one below.
I quickly noticed that the request’s (redacted) destination IP was on my local network and that it the Spotify app running on my laptop was the user agent. This raised some alarms as I’d never connected Spotify on my laptop with any smart devices in my home.
Here’s what HTTP responses looked like.
If you can’t tell, that’s (redacted) information about Sony television. What’s going on?
Some further Googling explained it. My TV hosts a Universal Plug and Play (UPNP) service that allows other devices to discover it’s presence. UPNP is used for wireless printers, gaming consoles, TVs, etc. It is possible to configure your router to disable UPNP, as many have done due to vulnerabilities, but that might result in a loss of functionality.
Spotify probably aren’t using this device information for anything malicious. However, it strikes me that third parties (think Google, Amazon and others) can discover what devices you have in your home and could use this to improve their ad targeting.