- Cybersecurity researcher discovered major vulnerability in popular PC speaker
- Creative Sound Blaster Katana V2X speakers could be used to hack users’ PCs via Bluetooth
- Creative will not provide a patch as it is not considered a vulnerability, but an interim third-party patch is available
Uncovering potential PC vulnerabilities is undoubtedly of great importance to any user, especially when hackers find new, easier ways to exploit systems – and unfortunately, there is one way a popular device can apparently lure attackers into attacking PCs.
As reported by Notebookcheck, cybersecurity researcher Rasmus Moorats discovered that Creative Sound Blaster Katana V2X speakers could be used to hack a user’s PC via a Bluetooth Low Energy exploit, dubbed Pwnd Blaster.
According to the researcher, all a PC user needs to do is connect the Katana V2X to their PC via USB, and anyone within 15 meters (and with the know-how) can use Bluetooth and the Creative app to connect to the speaker.
Everything is possible, it seems, without having to do any pairing first, and ultimately turning the speaker into a secret keystroke injector by flashing the speaker’s firmware, allowing changes to be made to the HID descriptor.
In fact, this allows a potential hacker to use the speaker as a keyboard and, therefore, execute malicious code – and in a real-world scenario, this would likely be done via PowerShell, posing a significant threat to PC security.
What makes matters worse is that there is no dedicated way to disable Bluetooth functionality on the Katana V2X, essentially leaving it open and vulnerable to any nearby attacker who knows how to perform this exploit.
Moorats contacted Creative to see if this could be fixed, but reports that he was told that this was not considered a vulnerability, as it “does not present a cybersecurity risk”, so no patch will be coming to prevent this from happening.
Fortunately, the Bluetooth handicap comes into play here, where an attacker would have to be in close proximity up to 15 meters away, And More importantly, Moorats has already created a partial fix via a tool available on GitHub. So it’s not the end of the world, especially since the chances of a hacker being within 15 meters (at least in your home) are slim.
Perhaps the biggest concern lies in the potential vulnerabilities that may be present among many other devices, especially those connected via Bluetooth and USB – and that’s a scary idea for any PC user.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
