Seller of the Sound Blaster Katana V2X doesn’t consider the behavior a vulnerability.
“Without being touched” seems unnecessary. That’s one possible definition for computers: completing tasks that do not require manual intervention. Automation.
BTW the real culprit here isn’t the USB connection but Creative’s proprietary but totally unprotected transfer protocol that allows third parties to communicate with the device both ways, even load new firmware. No code signing there, either.
Reminds me of Logitech’s Unified software that had so many holes and was patched frequently. It was never secure.
Don’t forget having it basically auto install on windows when plugging in one of their mice or keyboards.
It’s just crazy how many Bluetooth devices have broken (or completely absent) authentication and pairing security.
It’s very difficult to tell when they’re encrypted, too. Your Bluetooth keyboard and mouse could be broadcasting everything keystroke and click unencrypted to anyone within 100m or so.
And that’s just the accessories. There have been tons of exploits of phone and computer firmware over the years as well. Security is an afterthought at best with Bluetooth.
$300 for a PC speaker? Madness.
This is Sparta!
These are probably garbage, but some people have money and understand that a good set of speakers is more important than the latest GPU for immersion 🤷♂️
Tittel is misleading as this a variant of BadUSB where a device act as keyboard device.
And i agree and prefer that user is able to replace firmware.
