this post was submitted on 03 Jun 2026
219 points (98.2% liked)

Technology

85357 readers
4900 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
219
Pwnd Blaster: Hacking your PC using your speaker without ever touching it (blog.nns.ee)
submitted 1 week ago by JensSpahnpasta@feddit.org to c/technology@lemmy.world
25 comments fedilink hide all child comments
top 25 comments
sorted by: hot top controversial new old
[–] aMockTie@piefed.world 81 points 1 week ago (3 children)

Awesome write up.

Allowing arbitrary firmware updates without any signature validation, over Bluetooth, even unpaired and in sleep mode, and without any authentication is absolutely wild and should be criminal negligence.

It took Creative nearly two months to respond to SingCERT. Unfortunately, their response was that "they do not consider this to be a vulnerability, as it does not present a cybersecurity risk"

What a foolish response. The guy wasn't asking for money and gave them everything they would need to make a patched firmware.

[–] gnufuu@infosec.pub 40 points 1 week ago (1 children)

"It's not a vulnerability, no I'm not crying"

[–] aMockTie@piefed.world 4 points 1 week ago

"You're the vulnerability"

[–] homesweethomeMrL@lemmy.world 24 points 1 week ago (2 children)

Came to comment the same.

Getting in touch with Creative was a frustrating process.

They do not have any security contacts. In fact, I wasn't even able to find regular contacts that wasn't just a support form on their website. I tried (two times) to get in contact with them via the web form before giving up and contacting SingCERT to act as an intermediary, hoping they would have better luck reaching Creative.

Initially, SingCERT didn't seem to be able to get in contact with Creative either. It took Creative nearly two months to respond to SingCERT. Unfortunately, their response was that "they do not consider this to be a vulnerability, as it does not present a cybersecurity risk". I don't know how they reached this conclusion, but it became clear that Creative had no interest in responding to or addressing this issue.

That and it has a microphone built in.

[–] KryptonNerd@slrpnk.net 8 points 1 week ago (1 children)

Well I won't be buying another creative product ever again

[–] gnate@lemmy.world 3 points 1 week ago

I didn't even know that was still an option.

[–] aMockTie@piefed.world 6 points 1 week ago

I don't understand how this can still happen with a well known brand in 2026. Personally the microphone is the least concerning aspect of this finding, since a Bluetooth connection would still be required. With more dedicated research, the BadUSB aspect is far more concerning in my book. Plug the speaker into a computer, even once and only to charge, and the computer is pwned? Preventing any future patching? I don't know how I could ever trust one of these devices going forward.

[–] a_non_monotonic_function@lemmy.world 19 points 1 week ago (1 children)

"does not present a cybersecurity risk..." to them.

[–] aMockTie@piefed.world 4 points 1 week ago

I suppose that depends on your definition of a cybersecurity risk. Unfortunately it likely won't matter to them unless it starts affecting their bottom line.

[–] otter@lemmy.ca 32 points 1 week ago

The way BLE (Bluetooth Low Energy) works is that each device has various registers (called GATT characteristics) that, if you're connected to the device, you can write to, read, subscribe to notifications for, and so on. What's important to note is that to connect to a device, you don't need to (necessarily) pair with it. You can often just connect with a device and immediately start reading and writing data to characteristics. Pairing establishes encryption, but a connection can be made without it.

To my surprise, upon reading the characteristic 9e9daaeb-3a10-4fe8-b69f-7397aff77886, I was greeted with the full version string. This means anyone can just connect to any Katana V2X over Bluetooth and start sending CTP commands to it, reading information, changing settings, etc.

I thought of the implications for a bit. The speaker has a microphone. An attacker could, theoretically, upload a custom firmware that effectively turns the speaker into a covert monitoring device, listening in on conversations and forwarding them to a receiver over Bluetooth.

What was more interesting to me was the fact that the speaker is, in a standard setup, connected to a PC over USB. It's by all means a trusted USB device.

What if we wrote custom firmware that forced the speaker into acting as a keyboard, sending keystrokes for opening up the terminal and executing arbitrary commands? We would turn the speaker into a Rubber Ducky, but remotely, without ever having to plug anything into either the speaker or the PC.

[–] squaresinger@lemmy.world 9 points 1 week ago (1 children)

At first, I thought it was an attack using audio only. That would have been crazy impressive.

[–] Lumisal@lemmy.world 5 points 1 week ago

My speakers can't get hacked like this luckily.

They use a headphone jack line.

[–] LovableSidekick@lemmy.world 4 points 1 week ago* (last edited 1 week ago)

As someone who's done only minimal hacking I found this fascinating and very readable. I could skim the parts I was only sort of familiarish with and still follow the overall plot, and I felt like with a little research I could actually do what he was describing. Probably the best-written piece about hardcore hackery I've ever read!

[–] ITGuyLevi@programming.dev 3 points 1 week ago

Amazing job and beautifully written! Now I kind of want one of these speakers lol.

[–] Reygle@lemmy.world 3 points 1 week ago

I enjoy knowing people like this exist.

[–] NotMyOldRedditName@lemmy.world 2 points 1 week ago

That was a great read, and wild that all of that was possible.