DNS rebinding attacks have been around for over a decade. Google Home, Roku, Sonos speakers, smart home thermostats, Google Home and Chromecast can all be pwned. Roku’s External Control API allows direct control over button and key presses like a virtual remote. Sonos Wi-Fi speakers could also be a pivot point, gathering recon about your network that could be used for a follow-up attack. Roku developed a patch by the next morning and the fix has started rolling out to 20 million devices.”]