Security researcher Rasmus Moorats discovered a critical vulnerability in the Sound Blaster Katana V2X speaker that allows attackers within Bluetooth range to execute remote code on connected computers without authentication. The flaw enables attackers to upload malicious firmware to the speaker, which then acts as a proxy to infect the host PC, bypassing standard security measures. The vulnerability stems from the speaker's Creative Transport Protocol (CTP) that lacks proper authentication and code signing for firmware updates.
Background
USB and Bluetooth-connected devices often serve as potential attack vectors for compromising computer systems, with security researchers continuously discovering new vulnerabilities in peripheral devices. The Sound Blaster Katana V2X is a popular high-end soundbar from Creative Technologies that connects to computers via USB or Bluetooth.
- Source
- Ars Technica
- Published
- Jun 6, 2026 at 05:00 AM
- Score
- 8.0 / 10