USB音箱可蓝牙入侵电脑:Pwnd Blaster漏洞曝光,厂商拒绝修复
核心摘要 安全研究人员发现了一种名为"Pwnd Blaster"的新型攻击方式,利用Creative品牌的蓝牙音箱通过蓝牙连接入侵与其USB连接的电脑。该漏洞无需用户进行任何操作即可触发,且硬件厂商已确认不会提供修复补丁。 USB Speaker Vulnerability Allows PC Infection Without User Interaction Security researchers have discovered a novel attack vector dubbed “Pwnd Blaster” that exploits Bluetooth speakers manufactured by Creative to compromise connected PCs without any user interaction. The vulnerability allows attackers to infiltrate computers simply by being within Bluetooth range of the speaker, which is connected to the PC via USB. The exploit targets a firmware vulnerability in Creative’s popular Bluetooth speaker line, which sells for approximately three hundred dollars. When the speaker is connected to a PC via USB for charging or audio input, the compromised firmware can execute arbitrary code on the host system through the USB interface, effectively turning the speaker into a stealthy attack platform. ...