A USB-connected speaker can infect a PC without ever being touched
5 hours ago
- #Hardware Vulnerability
- #Bluetooth Security
- #Remote Code Execution
- Operating systems have safeguards to block remote commands, but a Bluetooth vulnerability in Creative's Sound Blaster Katana V2X speaker allows remote code execution without authentication.
- Researcher Rasmus Moorats found that the speaker's Creative Transport Protocol (CTP) lets devices send commands and upload custom firmware without pairing or code signing, posing a security risk to connected PCs, Macs, and Linux devices.
- The $283 speaker, praised for its sound, can be exploited by hackers within Bluetooth range to bypass security measures and potentially compromise the connected system.