Sound blaster katana speaker vulnerable to remote pc attacks

English

A researcher has shown that the Sound Blaster Katana V2X speaker from Creative Technologies can be used to infect a connected computer with malicious commands over Bluetooth. The attack requires no pairing and works even without physical access to the device.

Rasmus Moorats discovered the issue after buying the $283 speaker, which connects to computers via USB or Bluetooth. He found that an unauthenticated Bluetooth device could upload custom firmware to the speaker without code signing protections.

Moorats then modified the firmware to make the speaker emulate a keyboard. This allowed commands sent over Bluetooth to reach the connected PC, where they could open a terminal and run arbitrary code.

In a proof of concept, Moorats executed the command "echo pwned" on the target machine. He reported the findings to Creative Technologies, which said its engineers did not view the behavior as a vulnerability.

The attack is limited to devices within Bluetooth range, such as those belonging to neighbors or housemates. Bluetooth remains active on the speaker even during sleep mode.

Related Articles

OpenClaw patches severe vulnerability granting admin access

Developers of the popular AI tool OpenClaw released patches for three high-severity vulnerabilities, including one that allowed attackers with basic pairing privileges to silently gain full administrative control. The flaw, tracked as CVE-2026-33579 and rated up to 9.8 out of 10 in severity, has raised alarms among security experts. Thousands of exposed instances may have been compromised unknowingly.

Hackers abuse UltraVNC, Splashtop, and ScreenConnect to hijack business PCs

Reported by AI

Hackers are misusing legitimate remote access tools to target business computers. The tools involved include UltraVNC, Splashtop, and ScreenConnect.

Linux

Greg Kroah-Hartman runs AI-assisted fuzzing on Linux kernel

Linux

Single errant character triggers high-severity Linux vulnerability

Linux

Linux kernel patch proposes detecting malicious USB devices

Daemon Tools app hit by monthlong supply-chain attack

Daemon Tools, a popular disk image mounting app, was compromised in a supply-chain attack starting April 8, delivering malware through official updates. Security firm Kaspersky reported infections on thousands of machines across over 100 countries. Users are urged to scan their systems immediately.

Bose QuietComfort Ultra headphones lose features after firmware update

Reported by AI

Users of the Bose QuietComfort Ultra Headphones (2nd Gen) are reporting anger over lost key features following a firmware update. The issue has prompted complaints, with guidance available on joining the list of affected owners. TechRadar highlighted the problem in a recent article.

June 09, 2026 04:36

Single character triggers high-severity Linux kernel vulnerability

May 23, 2026 01:36

Linux kernel flaw lets unprivileged users gain root access

May 14, 2026 20:13

Zero-day exploit bypasses default windows 11 bitlocker encryption

May 13, 2026 20:07

New fragnesia linux kernel flaw disclosed

May 11, 2026 18:30

New portable CD player blends retro style with audiophile features

May 07, 2026 00:48

Experts warn Microsoft Phone Link tool exploited by unknown threat

April 07, 2026 17:23

Western agencies warn of russian hackers on tp-link routers

March 18, 2026 22:56

New DarkSword tool targets hundreds of millions of iPhones

March 18, 2026 03:20

Infostealers Disguised as Claude Code, OpenClaw, and Other AI Tools

This website uses cookies

We use cookies for analytics to improve our site. Read our privacy policy for more information.
Decline