Can't wait to see a video from a half sloppy channel about this on my youtube front page in roughly 4 business days

Good work, and fun to read.

It's crazy that companies just stick their head in the sand, when confronted with serious security issues.

>Email from SingCERT stating vendor "do not consider this to be a vulnerability, as it does not present a cybersecurity risk."

So wirelessly writing custom firmware to someone else's device that is connected via USB to their computer without even needing to pair is not a security vulnerability. Yea.

The fact that the author had to publish a third-party patch because the vendor didn't consider it a vulnerability is not a great look

Way cool. Thank you for sharing

Thanks for sharing this. It’s a bit concerning that a consumer soundbar can receive unauthenticated firmware over BLE and then act like a BadUSB-style HID on the host. I’m not sure I agree with the vendor’s "no cybersecurity risk" assessment, considering how much access a trusted keyboard interface typically has.

Having a guaranteed audio channel makes this so much cooler for exploits -- you can exfiltrate over audio!! I love it. I wonder how many of these were sold. I also imagine based on Creative's response (this is fine) that many other devices in the class have similar security models in place. Def scary.

The real question remains: with this hack, did the OP gain full control of Dr. Sbaitso?

Great research. Thanks for sharing

It is quite common to find device manufacturers, even those of many years standing, who _appear to_ begin with the device and add the software as an afterthought. Paying little attention to security or even the software lifecycle (patches, updates, the changing landscape/ecosystem). I have even known it happen that the device brand subs out the software to a random small developer, who then closes up shop/dies/gets out of that business, and the device company doesnt even have the source code, let alone any ability to further improve/fix the software that drives their device. This leads to layers upon layers of subsequent middleware, UIs, shims etc.

Air-gapped attacks are the most fascinating. Change my mind

Why think so small? Perhaps the speaker itself can be used as the attacker.

Any script kiddie with an LLM could write a worm that would spread through the supply chain, possibly even hacking speakers right on the factory floor and blasting Rickroll music or something similar.

It would be interesting to see if Creative would still claim that it "does not present a cybersecurity risk".