Highly reviewed speaker can be hacked over the air to infect connected devices
A researcher discovered a significant security flaw in the Sound Blaster Katana V2X speaker, which allows remote code execution without authentication. The speaker's proprietary protocol enables a Bluetooth device to connect and upload custom firmware, potentially leading to malicious attacks. This vulnerability is exacerbated by the speaker's always-on Bluetooth feature, making it susceptible to exploitation.
- ▪The Sound Blaster Katana V2X speaker can be hacked over Bluetooth to infect connected devices.
- ▪Researcher Rasmus Moorats found that the speaker allows firmware uploads without authentication.
- ▪The Bluetooth feature remains active even in sleep mode, increasing the risk of unauthorized access.
Opening excerpt (first ~120 words) tap to expand
ATTACK OF THE BLUETOOTH DEVICES How a USB-connected speaker can infect a PC without ever being touched Seller of the Sound Blaster Katana V2X doesn’t consider the behavior a vulnerability. Dan Goodin – Jun 5, 2026 5:00 pm | 5 Credit: Creative Technologies Credit: Creative Technologies Text settings Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only Learn more Minimize to nav Operating system makers take many steps to prevent their wares from accepting commands from remote devices. The safeguards, designed to thwart malicious attacks, typically require hackers to jump through all kinds of hoops to bypass the measures.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Ars Technica - All content.
Discussion
0 commentsMore from Ars Technica - All content
