How a Bluetooth speaker hacked a PC without being touched
A researcher has discovered a way to hack a PC using a Bluetooth speaker. The speaker is a Sound Blaster Katana V2X, which Creative Technologies sells. The researcher, Rasmus Moorats, bought the speaker and wanted to create a Linux tool for it. The speaker connects to a PC via USB or Bluetooth. It uses a system called CTP, which stands for Creative Transport Protocol. CTP allows devices to send commands to the speaker, such as changing LED colors and equalizer settings. Moorats connected to the speaker over Bluetooth without pairing his device first. The speaker did not require any authentication. He sent a command to upload new firmware, and the speaker accepted it without code signing. He created a custom firmware that displayed the word "patched" on the speaker's LED display. The speaker runs FreeRTOS, an open source operating system. FreeRTOS includes HID functions, which allow the speaker to act as a human interface device, like a keyboard. Moorats changed the speaker's USB descriptor set, adding a second descriptor that reported the speaker as a keyboard. He then used code in the firmware to send keypresses. By chaining these steps, he was able to remotely upload custom firmware over the air, which rebooted and typed the command "echo pwned" on the connected PC. The PC executed the command. The attack only works when the attacker is within Bluetooth range of the speaker. Moorats reported his findings to Creative Technologies, but the company did not respond. After CERT Singapore intervened, the company said it does not consider the behavior a vulnerability. The speaker has Bluetooth always on, even in sleep mode, with no way to disable it. This makes the attack possible at any time.
Take a position. Out loud, if you can.
Four ways to start. Pick one and try saying it before you scroll on.
Tip · Record yourself, use in a notebook, or practice with a language partner.
What does CTP stand for?
Present perfect for recent discoveries
We use present perfect to talk about recent events or discoveries that are relevant now. The article uses present perfect to introduce the researcher's finding.
“A researcher has discovered a way to hack a PC using a Bluetooth speaker.”
What to know · B1
Try saying this aloud
Scenario: You discuss a tech news story with a colleague.
- 01“A researcher has discovered a hack.”
- 02“The speaker did not require authentication.”
- 03“The attack only works within Bluetooth range.”
Register tip · semi-formal
🔑Key Phrases
This uses present perfect to report a new discovery, common in news.
present perfect for recent events→A student has discovered a new way to recycle plastic.
This uses past simple negative to highlight a security flaw.
past simple negative→The door did not require a key.
🎙️ Article Audio — Kokoro TTS
How a Bluetooth speaker hacked a PC without being touched
Adapted from Ars Technica · Read the original. LectoPress rewrites the facts as original graded-reader text for language learners.
Get stories at your level, every day
B1 · EN · delivered to your inbox · unsubscribe any time
Customize language, level & topics → full preferences
