Critical Bluetooth vulnerabilities in Creative Sound Blaster Katana V2X allow remote keystroke injection and spying
By Rasmus Moorats
Summary
A security researcher reverse-engineered the firmware of a Creative Sound Blaster Katana V2X speaker and discovered critical Bluetooth protocol vulnerabilities. These flaws allow any attacker within ~15 meters to exploit the speaker as a covert spying tool or a Rubber Ducky (keystroke injection device) without ever pairing with or physically touching the target's PC. The article details the technical reverse engineering process, the unauthenticated CTprotocol, and the security implications of the discovered vulnerabilities.
Key quotes
What initially started as simply wanting to write a Linux tool for communicating with my speaker ended up with me discovering vulnerabilities which allow any attacker within a ~15M range of any Katana V2X to turn it into a covert spying tool and Rubber Ducky - all without ever having to pair with or physically touch the device.
As I explained in my previous post, the Katana V2X is a USB-connected PC sound bar.
Being USB-connected, Creative has an app which allows you to c