Spotify Knows What TV You Have

Posted April 30, 2017; 2 min read

I was playing around with WireShark today and sniffing my home network when I noticed some interesting HTTP requests, similar to the one below.

GET /dd.xml HTTP/1.1
Host: XXX.XXX.XXX.XXX:43214
User-Agent: Spotify/105300758 OSX/0 (MacBookPro10,1)
Keep-Alive: 0
Connection: keep-alive
Accept-Encoding: gzip

I quickly noticed that the request’s (redacted) destination IP was on my local network and that it the Spotify app running on my laptop was the user agent. This raised some alarms as I’d never connected Spotify on my laptop with any smart devices in my home.

Here’s what HTTP responses looked like.

<root xmlns="urn:schemas-upnp-org:device-1-0">
  <specVersion>
    <major>1</major>
    <minor>0</minor>
  </specVersion>
  <device>
    <deviceType>urn:schemas-upnp-org:device:Basic:1</deviceType>
    <friendlyName>...</friendlyName>
    <manufacturer>Sony Corporation</manufacturer>
    <manufacturerURL>http://www.sony.net/</manufacturerURL>
    <modelDescription>BRAVIA</modelDescription>
    <modelName>...</modelName>
    <UDN>...</UDN>
    <serviceList>
      <service>
      <serviceType>urn:dial-multiscreen-org:service:dial:1</serviceType>
      <serviceId>urn:dial-multiscreen-org:serviceId:dial</serviceId>
      <SCPDURL>/DIALSCPD.xml</SCPDURL>
      <controlURL>/upnp/control/DIAL</controlURL>
      <eventSubURL/>
      </service>
    </serviceList>
    <av:X_DIALEX_DeviceInfo xmlns:av="urn:schemas-sony-com:av">
      <av:X_DIALEX_AppsListURL>
        http://XXX.XXX.XXX.XXX:80/DIAL/sony/applist
      </av:X_DIALEX_AppsListURL>
      <av:X_DIALEX_DeviceType>Android_TV_DIAL_v2.0.0</av:X_DIALEX_DeviceType>
    </av:X_DIALEX_DeviceInfo>
  </device>
</root>

If you can’t tell, that’s (redacted) information about Sony television. What’s going on?

Some further Googling explained it. My TV hosts a Universal Plug and Play (UPNP) service that allows other devices to discover it’s presence. UPNP is used for wireless printers, gaming consoles, TVs, etc. It is possible to configure your router to disable UPNP, as many have done due to vulnerabilities, but that might result in a loss of functionality.

Spotify probably aren’t using this device information for anything malicious. However, it strikes me that third parties (think Google, Amazon and others) can discover what devices you have in your home and could use this to improve their ad targeting.