Creative's Katana V2X speaker potentially has a serious vulnerability that could allow hackers to attack your PC, and there's only one way to avoid it

News
By published

And there's one specific requirement for hackers...

Render of Creative Sound Blaster Katana V2X speakers
(Image credit: Creative)
  • A cybersecurity researcher has discovered a major vulnerability in a popular PC speaker
  • The Creative Sound Blaster Katana V2X speakers can reportedly be used to hack users' PCs via Bluetooth
  • Creative won't provide a patch as it's not viewed as a vulnerability, but a temporary third-party fix is available

Discovering potential PC vulnerabilities is undoubtedly of high importance for any user, especially with hackers finding new and easier ways of exploiting systems — and unfortunately, there's one way a popular peripheral can apparently lead attackers to hit PCs.

As reported by Notebookcheck, a cybersecurity researcher, Rasmus Moorats, has discovered that the Creative Sound Blaster Katana V2X speakers can reportedly be used to hack a user's PC via a Bluetooth Low Energy exploit, which has been dubbed Pwnd Blaster.

All that is required, according to the researcher, is for a PC user to have the Katana V2X connected to their PC via USB, and anybody within 15 meters (and with the know-how) can use Bluetooth and the Creative app to connect to the speaker.

Latest Videos From

All is possible, it seems, without having to ever pair beforehand, and ultimately turn the speaker into a covert keystroke injector by flashing the speaker's firmware, allowing changes to be made to the HID descriptor.

Effectively, what this does is allow a potential hacker to use the speaker as a keyboard and, therefore, execute malicious code — and in a real-world scenario, this would likely be done via PowerShell, serving as a significant threat to PC security.

Lifestyle photo of gamer using Creative Sound Blaster Katana V2X

(Image credit: Creative)
Comment from r/netsec

What makes matters worse is that there is no dedicated way to disable Bluetooth functionality on the Katana V2X, essentially leaving it open and vulnerable to any nearby attackers who know how to execute this exploit.

Moorats reached out to Creative to see if this could be patched, but reports he was told it wasn't considered a vulnerability, as it "does not present a cybersecurity risk", so no patch will arrive to stop this from occurring.

Fortunately, the handicap of Bluetooth is involved here, where an attacker would need to be close by up to 15 meters, and most importantly, Moorats has already created a partial fix via a tool available on GitHub. So, it's not the end of the world, especially because the chances of a hacker being within 15 meters (at least at home) are slim.

Perhaps the bigger concern is the potential vulnerabilities that may be present among many other peripherals, particularly those that are connected via Bluetooth and USB — and that's a scary thought for any PC user.

Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Isaiah Williams
Isaiah Williams
Staff Writer, Computing

Isaiah is a Staff Writer for the Computing channel at TechRadar. He's spent over two years writing about all things tech, specifically games on PC, consoles, and handhelds. He started off at GameRant in 2022 after graduating from Birmingham City University in the same year, before writing at PC Guide which included work on deals articles, reviews, and news on PC products such as GPUs, CPUs, monitors, and more. He spends most of his time finding out about the exciting new features of upcoming GPUs, and is passionate about new game releases on PC, hoping that the ports aren't a complete mess.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.