USB Speaker Vulnerability Allows PC Infection Without User Interaction
USB Speaker Vulnerability Allows PC Infection Without User Interaction Security researchers have discovered a novel attack vector dubbed “Pwnd Blaster” that exploits Bluetooth speakers manufactured by Creative to compromise connected PCs without any user interaction. The vulnerability allows attackers to infiltrate computers simply by being within Bluetooth range of the speaker, which is connected to the PC via USB. The exploit targets a firmware vulnerability in Creative’s popular Bluetooth speaker line, which sells for approximately three hundred dollars. When the speaker is connected to a PC via USB for charging or audio input, the compromised firmware can execute arbitrary code on the host system through the USB interface, effectively turning the speaker into a stealthy attack platform. ...