USB Speaker Can Be Hacked via Bluetooth to Infect Connected PCs
Original: How a USB-connected speaker can infect a PC without ever being touched
Why This Matters
Demonstrates how peripheral devices can become attack vectors for remote code execution
Security researcher Rasmus Moorats discovered that Creative's Sound Blaster Katana V2X speaker ($283) can be compromised via Bluetooth without authentication, allowing attackers to inject malicious firmware and send keystrokes to connected computers through USB.
The vulnerability exploits Creative's proprietary CTP (Creative Transport Protocol) which accepts Bluetooth commands without pairing or authentication. Moorats found he could replace the speaker's firmware with custom code since it lacks code signing protection. By modifying the USB descriptor to make the speaker appear as both an audio device and keyboard, attackers can remotely send keystrokes to connected PCs. The attack works by connecting to the speaker via Bluetooth, uploading malicious firmware, then using HID functions to simulate keyboard input on the target computer. Creative Technologies has not classified this as a security vulnerability despite the clear attack vector.