- A cyber security researcher has discovered a major vulnerability in a popular PC speaker
- The Creative Sound Blaster Katana V2X speakers can reportedly be used to hack users’ PCs via Bluetooth
- Ad material does not provide a patch as it is not seen as a vulnerability, but a temporary third-party fix is available
Discovering potential PC vulnerabilities is no doubt of great importance to any user, especially with hackers finding new and easier ways to exploit systems – and unfortunately, there’s one way a popular peripheral device seems to be allowing attackers to target PCs.
As reported by Notebookcheck, a cybersecurity researcher, Rasmus Moorats, has discovered that the Creative Sound Blaster Katana V2X speakers can reportedly be used to hack a user’s PC via a Bluetooth Low Energy exploit that has been dubbed Pwnd Blaster.
All that’s required, according to the researcher, is for a PC user to have the Katana V2X connected to their PC via USB, and anyone within 15 meters (and with the know-how) can use Bluetooth and the Creative app to connect to the speaker.
Anything is possible, it seems, without having to pair beforehand and ultimately turning the speaker into a hidden keystroke injector by flashing the speaker’s firmware, which allows changes to be made to the HID descriptor.
What this does is actually allow a potential hacker to use the speaker as a keyboard and therefore execute malicious code – and in a real-world scenario, this would likely be done via PowerShell, serving as a significant threat to PC security.
What makes matters worse is that there is no dedicated way to disable Bluetooth functionality on the Katana V2X, essentially leaving it open and vulnerable to any nearby attackers who know how to perform this exploit.
Moorats contacted Creative to see if this could be patched, but reports that he was told it was not considered a vulnerability as it “does not pose a cybersecurity risk,” so there will be no patch to prevent this from happening.
Fortunately, the handicap of Bluetooth is involved here, where an attacker must be close up to 15 meters, and most importantly, Moorats has already created a partial fix via a tool available on GitHub. So it’s not the end of the world, especially since the chances of a hacker being within 15 meters (at least at home) are slim.
Perhaps the biggest concern is the potential vulnerabilities that may be present among many other peripherals, especially those connected via Bluetooth and USB – and that’s a scary thought for any PC user.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.
