A security researcher discovered vulnerabilities in the Creative Sound Blaster Katana V2X speaker, allowing an attacker to remotely upload custom firmware and potentially turn the device into a covert spying tool or a keyboard emulator to execute arbitrary commands on a connected PC. The researcher was able to exploit these vulnerabilities without pairing with the device or physically touching it. The vulnerabilities were reported to Creative, but the company initially responded that they did not consider it a security risk. A patch has been created to block CTP-over-Bluetooth, but Creative has since pulled the firmware download URLs, leaving users vulnerable.