Pwnd Blaster: Hacking your PC using your speaker without ever touching it
- Security
- Hardware
- Consumer Tech
- Infrastructure
The post walks through a clean BadUSB-style exploit against a Creative Sound Blaster Katana V2X soundbar. The key issue is not "sound over speakers" or some exotic acoustic side channel. It is much simpler and worse. The device exposes a Bluetooth Low Energy firmware update path that does not require pairing or effective authentication, so someone nearby can load custom firmware onto the soundbar. Because the soundbar is also connected to the host computer over USB, that custom firmware can change the USB descriptors and make the speaker present itself as a keyboard, then inject keystrokes that open a terminal and run commands on the PC. The hardware also has a microphone, so the compromise can turn a consumer speaker into a listening device. The researcher says Creative and SingCERT got the report, but Creative eventually responded that they do not consider it a vulnerability because it does not present cybersecurity risk. The researcher then shipped a blunt third-party patch that disables the flawed transport, even though it likely breaks official Bluetooth app features.
Treat any USB-connected peripheral with wireless update paths as part of your endpoint attack surface, not as an inert accessory. If you buy or deploy this class of device, lock down new HID devices and prefer gear that can be updated or managed without unauthenticated radio control.
-
blog.nns.ee
- Discuss on HN