news.volyx.in

Pwnd Blaster: Hacking your PC using your speaker without ever touching it (blog.nns.ee)

700 points by xx_ns · 40 days ago · 123 comments on HN

Article summary

A security researcher discovered vulnerabilities in the Creative Sound Blaster Katana V2X speaker, allowing an attacker to remotely upload custom firmware and potentially turn the device into a covert spying tool or a keyboard emulator to execute arbitrary commands on a connected PC. The researcher was able to exploit these vulnerabilities without pairing with the device or physically touching it. The vulnerabilities were reported to Creative, but the company initially responded that they did not consider it a security risk. A patch has been created to block CTP-over-Bluetooth, but Creative has since pulled the firmware download URLs, leaving users vulnerable.

Main themes

  • Bluetooth security
  • Firmware vulnerabilities
  • IoT security risks
  • Vendor responsibility
  • USB device security
  • Covert surveillance

What commenters say

  • The ability to remotely upload custom firmware to a device connected to a PC poses a significant security risk, allowing for arbitrary code execution and potential data theft.
  • Companies that dismiss security vulnerabilities as non-issues are putting their customers at risk and demonstrating a lack of responsibility.
  • The security risks associated with smart devices, including Bluetooth-enabled speakers, are often underestimated and can have serious consequences.
  • The fact that a device can be compromised without physical access or pairing is a major concern, and vendors should take immediate action to address such vulnerabilities.
  • The potential for compromised devices to be used in botnets or for other malicious purposes is a significant threat, and users should be aware of the risks associated with connected devices.
  • Vendors' attempts to downplay or ignore security vulnerabilities can ultimately lead to more severe consequences, such as widespread attacks or data breaches.
  • The lack of security focus in the development of IoT devices is a major issue, and companies should prioritize security in their products to protect users.
  • Users should be cautious when using smart devices and consider the potential security risks, including the possibility of covert surveillance or data theft.