[brogapp]

Thanks for sharing this. It’s a bit concerning that a consumer soundbar can receive unauthenticated firmware over BLE and then act like a BadUSB-style HID on the host. I’m not sure I agree with the vendor’s "no cybersecurity risk" assessment, considering how much access a trusted keyboard interface typically has.

[mminer237]

If you can "just type stuff", it is absolutely trivial to download absolutely any payload you want as long as you have network access and your antivirus doesn't stop it.

[cestith]

The point is this is a speaker, not a keyboard. A keyboard usually takes manual input from a human or from a cat. This is a speaker that, after an unauthenticated connection, can act as if it’s a keyboard, which is an unintended functionality from the factory.