- A cybersecurity researcher has discovered a major vulnerability in a popular PC speaker
- Creative Sound Blaster Katana V2X speakers can reportedly be used to hack users’ PCs via Bluetooth
- Creative will not provide a patch because it is not considered a vulnerability, but a third-party workaround is available
Discovering possible PC vulnerabilities is undoubtedly of great importance for any user, especially now that hackers are finding new and easier ways to exploit systems and, unfortunately, there is a way that a popular peripheral can apparently lead attackers to attack PCs.
As reported by Notebookcheck, a cybersecurity researcher, Rasmus Moorats, discovered that the Creative Sound Blaster Katana V2X speakers can be used to hack a user’s PC via a Bluetooth Low Energy exploit, which has been dubbed Pwnd Blaster.
All that is needed, according to the researcher, is for a PC user to have the Katana V2X connected to their PC via USB, and anyone within 15 meters (and with the technical know-how) can use Bluetooth and the Creative app to connect to the speaker.
It seems that everything is possible without having to pair it beforehand and ultimately turning the speaker into a covert keystroke injector by updating the speaker firmware, allowing changes to be made to the HID descriptor.
Effectively what this does is allow a potential hacker to use the speaker as a keyboard and therefore execute malicious code; and in a real-world scenario, this would likely be done via PowerShell, which would pose a significant threat to PC security.
What makes matters worse is that there is no specific way to disable Bluetooth functionality on the Katana V2X, essentially leaving it open and vulnerable to any nearby attackers who know how to execute this exploit.
Moorats contacted Creative to see if this could be patched, but was told it was not considered a vulnerability as it “does not present a cybersecurity risk”, so no patch is coming to prevent this from happening.
Fortunately, the Bluetooth handicap comes into play here, where an attacker would have to be at a distance of up to 15 meters, and Most importantly, Moorats has already created a partial solution through a tool available on GitHub. So it’s not the end of the world, especially since the chances of a hacker being within 15 meters (at least at home) are slim.
Perhaps the biggest concern is the potential vulnerabilities that may be present among many other peripherals, particularly those that are connected via Bluetooth and USB, and that’s a scary thought for any PC user.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
