Researcher Rasmus Moorats discovered a serious security flaw in the Creative Sound Blaster Katana V2X speaker, allowing it to be hacked over Bluetooth without authentication. The speaker's proprietary protocol, CTP, permits remote code execution, enabling hackers to upload custom firmware. This vulnerability can make the speaker act as a human interface device, capable of sending commands to a connected PC.
Although this attack requires proximity to the speaker and bypasses Bluetooth security measures, the ability to exploit connected devices raises concerns about other similar Bluetooth-enabled gadgets. Creative Technologies did not acknowledge the issue as a vulnerability despite the exploit being demonstrated to them.