Hacking your PC using your speaker without ever touching it
3 hours ago
- #IoT Security
- #Bluetooth Vulnerability
- #Firmware Exploitation
- The Creative Sound Blaster Katana V2X speakers are vulnerable to remote attacks via Bluetooth, allowing unauthenticated command execution and firmware updates.
- The firmware lacks signature verification and only checks a SHA-256 checksum ('CHK2'), making it easy to upload maliciously patched firmware.
- An attacker can craft firmware to turn the speaker into a covert spying tool or a USB Rubber Ducky by injecting keystrokes into a connected PC.
- Vulnerabilities exist because Bluetooth Low Energy (BLE) connections do not require pairing, and the CTP protocol is bridged to both USB and BLE.
- The vendor, Creative, was contacted but did not consider the issue a cybersecurity risk; no patches are available, so a community patch tool is provided.