|
|
|
|
|
|
by rkagerer
14 days ago
|
|
|
This is a well written article and easy to digest, worth a skim. In summary he figured out how to reflash arbitrary firmware on a Creative Sound Blaster Katana V2X soundbar via Bluetooth, without requiring any effective authentication or user interaction. The soundbar is plugged directly into its host computer via USB, so by adding a descriptor to its firmware he made it recognized as a keyboard. From there it was straightforward to have it send keystrokes to the PC. The soundbar is equipped with a mic, so an adversary could turn it into an eavesdropping device. He reported it to Creative and SingCERT. Neither him or SingCERT got any meaningful response from the company until 2 months later, eventually saying "they do not consider this to be a vulnerability, as it does not present a cybersecurity risk". He released a firmware patcher that disables the flawed transport protocol. It's a bit of a sledgehammer that likely also breaks functionality of the official Bluetooth app, but seems like the best he could do without cooperation from the manufacturer. |
|
|
But the headline is enshitified.