Seller of the Sound Blaster Katana V2X doesn’t consider the behavior a vulnerability.
It’s just crazy how many Bluetooth devices have broken (or completely absent) authentication and pairing security.
It’s very difficult to tell when they’re encrypted, too. Your Bluetooth keyboard and mouse could be broadcasting everything keystroke and click unencrypted to anyone within 100m or so.
And that’s just the accessories. There have been tons of exploits of phone and computer firmware over the years as well. Security is an afterthought at best with Bluetooth.
$300 for a PC speaker? Madness.
This is Sparta!
kicks speaker into trash can
Tittel is misleading as this a variant of BadUSB where a device act as keyboard device.
And i agree and prefer that user is able to replace firmware.
Not really. You can’t just walk by with a cell phone to configure a flash drive that is already plugged in and convert it to an attack vector. The method of setting up the attack device is the shocking part. You don’t even have you push a pairing button on the speaker to connect to it.
