How a USB-connected speaker can infect a PC without ever being touched
Submitted 1 week ago by schnurrito@discuss.tchncs.de to cybersecurity@infosec.pub
frongt@lemmy.zip 1 week ago
So an attacker can hack someone else’s speaker, turn it into a keyboard to the paired PC, and from there attack the paired PC.
A_norny_mousse@piefed.zip 1 week ago
IIRC long ago I read that this is a flaw/feature of the USB protocol itself.
Maybe “Seller (..) doesn’t consider the behavior a vulnerability” … ah wait, I’m gonna read the article now.
Right, the real culprit isn’t the USB connection but Creative’s proprietary but totally unprotected transfer protocol that allows third parties to communicate with the device both ways, even load new firmware. No code signing there, either.
I find both headline and first half of the article misleading; this is not restricted to one specific device. Most likely not even to one specific manufacturer.
But it ends with
frongt@lemmy.zip 1 week ago
Right. The common one is an initially malicious device given to an unsuspecting user. This is a stock device that a user already has and trusts. It’s a huge vulnerability that an unauthenticated user can completely take it over. This is a 9.3 CVE, without even considering pivoting to the PC.
poinck@lemmy.world 1 week ago
Will we see random speakers in the parking lots of businesses instead of USB sticks?