Will we see random speakers in parking lot of bussines instead of USB sticks?
Comment on How a USB-connected speaker can infect a PC without ever being touched
frongt@lemmy.zip 2 weeks ago
I was able to totally remotely, over the air, upload a custom firmware to my speaker which I hadn’t paired with, which would reboot, flash the custom firmware, and after rebooting type in the command echo pwned and execute it.
So an attacker can hack someone else’s speaker, turn it into a keyboard to the paired PC, and from there attack the paired PC.
poinck@lemmy.world 2 weeks ago
A_norny_mousse@piefed.zip 2 weeks ago
IIRC long ago I read that this is a flaw/feature of the USB protocol itself.
Maybe “Seller (..) doesn’t consider the behavior a vulnerability” … ah wait, I’m gonna read the article now.
Right, the real culprit isn’t the USB connection but Creative’s proprietary but totally unprotected transfer protocol that allows third parties to communicate with the device both ways, even load new firmware. No code signing there, either.
I find both headline and first half of the article misleading; this is not restricted to one specific device. Most likely not even to one specific manufacturer.
But it ends with
frongt@lemmy.zip 2 weeks ago
Right. The common one is an initially malicious device given to an unsuspecting user. This is a stock device that a user already has and trusts. It’s a huge vulnerability that an unauthenticated user can completely take it over. This is a 9.3 CVE, without even considering pivoting to the PC.