DigiNews

Summary

A security researcher reverse engineers the Creative Katana V2X speaker and uncovers weaknesses in USB and Bluetooth interfaces that allow unauthenticated control, firmware upgrades, and potential covert monitoring. The write-up details how CTP authentication can be bypassed, how firmware patches can be applied over USB and Bluetooth, and how the device could be turned into a malicious HID or spying tool. It also covers remediation attempts, including a patch to block CTP over Bluetooth and the vendor's hesitant response, underscoring risks for consumer IoT hardware in small-to-mid-sized businesses.