
Are USB speakers safe? Viruses can enter your PC without a single click! Research reveals the danger.
KalamTimes | June 8, 2026 8:39 PM CST

According to media reports, cybersecurity researcher Rasmus Moorats discovered this vulnerability when he purchased a Katana V2X soundbar for himself.

 


 

Computer and operating system manufacturers typically implement numerous security measures to prevent external devices from gaining unauthorized control over the system. A hacker usually has to overcome multiple security layers to carry out an attack such as remote code execution. However, new research has shown that in some cases, simply being within Bluetooth range can be enough to compromise a computer.

Researchers found that the Sound Blaster Katana V2X speaker from Singapore-based company Creative Technologies contains flaws that could allow an attacker to gain access to the computer connected to the speaker without touching it.

The search began with a simple inquiry.

According to media reports, cybersecurity researcher Rasmus Moorats discovered the vulnerability when he purchased a Katana V2X soundbar. The device can connect to Windows, Mac, and Linux systems via both USB and Bluetooth.

Moorats was trying to develop Linux tools for this speaker. He discovered that the speaker uses a special communication system called the Creative Transport Protocol (CTP). This protocol allows connected devices to control the speaker's LED lights, equalizer settings, and other features.

Connection made without pairing and authentication

The most surprising finding of the investigation was that a Bluetooth device could connect directly to the speaker without any authentication or pairing process, even though the speaker was already connected to a PC via USB.

Furthermore, a command in the CTP could also modify the speaker's firmware. Firmware updates typically use security techniques like digital signatures or code signing to ensure only official software is installed. However, no such protections were in place here.

As a test, the researcher installed his own custom firmware into the speaker, which simply displayed the word "patched" on the LED display. This successful experiment proved that unauthorized firmware could be easily installed into the device.

Keyboard built into the speaker

The researchers then examined the FreeRTOS operating system used in the speaker. The investigation revealed that the device possessed Human Interface Device (HID) capabilities. The HID category includes devices such as keyboards, mice, and webcams.

Moorats discovered that the speaker's USB descriptor could be modified. A USB descriptor is information that tells a computer what the connected device can do.

He modified this information so that the speaker identified itself to the computer as an additional keyboard. The speaker was then able to send commands to the computer just like a keyboard.
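
One way a defender could check for this kind of change, as an added example that is not from the article or the researcher: record a device's USB interface descriptors once, then flag any interface that appears later, with a new HID keyboard interface called out. The function names and the descriptor bytes are constructed for illustration.

```python
import struct

HID_CLASS, DT_CONFIG, DT_INTERFACE = 0x03, 0x02, 0x04

def parse_interfaces(blob: bytes) -> set:
    """Walk raw USB descriptors; return (class, subclass, protocol) per interface."""
    triples, offset = set(), 0
    while offset + 2 <= len(blob):
        length, dtype = blob[offset], blob[offset + 1]
        if length < 2 or offset + length > len(blob):
            raise ValueError(f"malformed descriptor at offset {offset}")
        if dtype == DT_INTERFACE and length >= 9:
            triples.add(tuple(blob[offset + 5:offset + 8]))
        offset += length
    return triples

def audit(baseline: bytes, current: bytes) -> list:
    """Report interfaces the device exposes now but did not when baselined."""
    findings = []
    added = parse_interfaces(current) - parse_interfaces(baseline)
    for cls, sub, proto in sorted(added):
        if cls == HID_CLASS and proto == 1:   # bInterfaceProtocol 1 = keyboard
            findings.append(f"new HID keyboard interface (subclass {sub})")
        elif cls == HID_CLASS:
            findings.append(f"new HID interface (subclass {sub}, protocol {proto})")
        else:
            findings.append(f"new interface class 0x{cls:02x}")
    return findings

def build_config(*interfaces) -> bytes:
    """Constructed sample data: a configuration descriptor with the given interfaces."""
    body = b"".join(bytes([9, DT_INTERFACE, n, 0, 0, c, s, p, 0])
                    for n, (c, s, p) in enumerate(interfaces))
    head = struct.pack("<BBHBBBBB", 9, DT_CONFIG, 9 + len(body),
                       len(interfaces), 1, 0, 0x80, 50)
    return head + body

# Constructed descriptors (not captured from a real Katana V2X):
# audio control + audio streaming + a generic HID interface...
BASELINE = build_config((0x01, 0x01, 0), (0x01, 0x02, 0), (0x03, 0, 0))
# ...and the same device after it starts announcing a boot keyboard.
MODIFIED = build_config((0x01, 0x01, 0), (0x01, 0x02, 0), (0x03, 0, 0), (0x03, 1, 1))

if __name__ == "__main__":
    for finding in audit(BASELINE, MODIFIED):
        print("ALERT:", finding)
```

On Linux the raw bytes can be read from the `descriptors` file of the device under `/sys/bus/usb/devices/`. The comparison covers interface descriptors only, so a change confined to an existing HID interface's report descriptor would need that descriptor compared as well.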

Airborne commands

Following this discovery, the researchers conducted another experiment. They sent commands to the speaker via Bluetooth, and the speaker transmitted those commands to the computer via the HID feature. During the test, they successfully uploaded firmware that automatically typed and executed commands on the computer after a reboot.

In a real attack scenario, an attacker could open PowerShell or other system tools and run a malicious script, potentially compromising the system.

What's even more worrying is that the speaker's Bluetooth mode remains active even in sleep mode, and there's no obvious option to turn it off completely.

Security is present but easily bypassed.

A challenge-response authentication process typically occurs between the USB-connected device and the speaker. However, according to the researchers, this security is not very strong because the necessary information can be extracted from the software that comes with the speaker.

Bluetooth connections, on the other hand, were found to require no such challenge or verification process, making the attack even easier.

The company did not acknowledge the security threat.

Rasmus Moorats reported his findings to Creative Technologies but received no response. Later, CERT Singapore was contacted, which led to a response from the company.

According to the report, company engineers refused to recognize this behavior as a security vulnerability. The researcher conducted his tests on a Windows system, where the attack was successful.

Should all users be worried?

However, this attack has a significant limitation. The attacker must be within Bluetooth range of the speaker. This means that a neighbor, coworker, roommate, or someone nearby could carry out such an attack.

Nevertheless, this case highlights that smart Bluetooth devices are not just audio or convenience devices. If they contain security flaws, they can also become a means of accessing computers. This also raises the question of whether other Bluetooth devices may harbor similar vulnerabilities that have not yet been discovered.

