- cross-posted to:
- cybersecurity@infosec.pub
- cross-posted to:
- cybersecurity@infosec.pub
Seller of the Sound Blaster Katana V2X doesn’t consider the behavior a vulnerability.
You must log in or # to comment.
It’s just crazy how many Bluetooth devices have broken (or completely absent) authentication and pairing security.
It’s very difficult to tell when they’re encrypted, too. Your Bluetooth keyboard and mouse could be broadcasting everything keystroke and click unencrypted to anyone within 100m or so.
And that’s just the accessories. There have been tons of exploits of phone and computer firmware over the years as well. Security is an afterthought at best with Bluetooth.
I miss when Creative Labs meant you were buying a top notch sound card.
“Without being touched” seems unnecessary. That’s one possible definition for computers: completing tasks that do not require manual intervention. Automation.
BTW the real culprit here isn’t the USB connection but Creative’s proprietary but totally unprotected transfer protocol that allows third parties to communicate with the device both ways, even load new firmware. No code signing there, either.
Reminds me of Logitech’s Unified software that had so many holes and was patched frequently. It was never secure.
$300 for a PC speaker? Madness.
These are probably garbage, but some people have money and understand that a good set of speakers is more important than the latest GPU for immersion 🤷♂️
This is Sparta!
kicks speaker into trash can
Tittel is misleading as this a variant of BadUSB where a device act as keyboard device.
And i agree and prefer that user is able to replace firmware.
Not really. You can’t just walk by with a cell phone to configure a flash drive that is already plugged in and convert it to an attack vector. The method of setting up the attack device is the shocking part. You don’t even have you push a pairing button on the speaker to connect to it.
