The Roku streaming video device and the Sonos Wi-Fi speakers suffer from the same DNS rebinding flaw reported in Google Home and Chromecast devices earlier this week.
A team of academic researchers has demonstrated that it’s possible to possible to closely mimic legitimate voice commands in order to carry out nefarious actions on these home assistants.