Key facts
- A vulnerability exists in the Creative Sound Blaster Katana V2X speaker.
- The hack allows for remote code execution on connected PCs, Macs, and Linux devices.
- The exploit is possible over Bluetooth within a certain range.
- Researcher Rasmus Moorats discovered the vulnerability.
- The speaker sells for $280 and has received positive reviews.
A security vulnerability has been discovered in the Creative Sound Blaster Katana V2X speaker, a product widely praised in reviews and sold for approximately $280-$283. The hack, found by researcher Rasmus Moorats, allows for remote code execution on connected PCs, Macs, and Linux devices. Typically, such attacks require bypassing multiple security measures, but this vulnerability can be exploited simply by being within Bluetooth range of the speaker. Moorats stumbled upon the issue while developing a Linux tool to communicate with his speaker, discovering a proprietary mechanism he believes is Creative Transport Protocol (CTP). This exploit bypasses standard remote code execution safeguards by leveraging the speaker's connectivity.