Seller of the Sound Blaster Katana V2X doesn’t consider the behavior a vulnerability.
“Without being touched” seems unnecessary. That’s one possible definition for computers: completing tasks that do not require manual intervention. Automation.
BTW the real culprit here isn’t the USB connection but Creative’s proprietary but totally unprotected transfer protocol that allows third parties to communicate with the device both ways, even load new firmware. No code signing there, either.
Reminds me of Logitech’s Unified software that had so many holes and was patched frequently. It was never secure.
Don’t forget having it basically auto install on windows when plugging in one of their mice or keyboards.
It’s just crazy how many Bluetooth devices have broken (or completely absent) authentication and pairing security.
It’s very difficult to tell when they’re encrypted, too. Your Bluetooth keyboard and mouse could be broadcasting everything keystroke and click unencrypted to anyone within 100m or so.
And that’s just the accessories. There have been tons of exploits of phone and computer firmware over the years as well. Security is an afterthought at best with Bluetooth.
Wait until you hear about handheld radios. Even your pervert neighbor can hack into your conversation!
Different use cases require different levels of security, and that’s ok.
I miss when Creative Labs meant you were buying a top notch sound card.
The player software than can with mine back in the good times was awesome. It had essentially a loopback recording feature where it’d record anything coming out the audio out. I actually ripped a few streamed songs that way by starting the stream and recording lol
$300 for a PC speaker? Madness.
An old surround sound receiver and some decent speakers will sound better than any PC speakers.
This is Sparta!
kicks speaker into trash can
These are probably garbage, but some people have money and understand that a good set of speakers is more important than the latest GPU for immersion 🤷♂️
A quality sound setup really is friggen nice when you don’t enjoy headphones while gaming, especially in racing games. For me, that’s way more important than the last couple of fps. And it doesn’t have to be expensive, I’ve found some old quality speakers that looked like shit but were mechanically sound and then went on the hunt for the best amplifier with the least amount of features I could afford. All in, it was under 1500dkk/$200.
Tittel is misleading as this a variant of BadUSB where a device act as keyboard device.
And i agree and prefer that user is able to replace firmware.
Not really. You can’t just walk by with a cell phone to configure a flash drive that is already plugged in and convert it to an attack vector. The method of setting up the attack device is the shocking part. You don’t even have you push a pairing button on the speaker to connect to it.