USB-connected speaker can be hacked remotely to infect a PC
A security researcher has demonstrated that a USB-connected speaker can be hacked remotely over Bluetooth, without the attacker ever touching the device. The speaker, a Sound Blaster Katana V2X sold by Creative Technologies, is widely acclaimed for its sound quality. However, researcher Rasmus Moorats discovered a serious flaw. The speaker uses a proprietary mechanism called CTP, which is believed to stand for Creative Transport Protocol. CTP allows devices to send commands to the speaker, such as changing LED colors and equalizer settings. Moorats connected to the speaker via Bluetooth without pairing his device first. No authentication was required. He then sent a command to upload new firmware. The firmware reflashing process did not use code signing, so the speaker accepted his custom firmware. This firmware displayed the word "patched" on the speaker's LED display. The speaker runs FreeRTOS, an open source operating system. FreeRTOS includes HID functions that allow the speaker to act as a human interface device, such as a keyboard. Moorats changed the speaker's USB descriptor set, adding a second descriptor that reported the speaker as a keyboard. He then used existing code in the firmware to send keypresses. By chaining these steps, he was able to remotely upload custom firmware over the air, which rebooted and typed the command "echo pwned" on the connected PC. The command was executed. The attack can only be carried out if the attacker is within Bluetooth range of the speaker. Moorats reported his findings to Creative Technologies, but received no response. After CERT Singapore intervened, the company stated that its engineers do not regard the behavior as a vulnerability. Furthermore, the speaker's Bluetooth is always on, even in sleep mode, with no apparent way to disable it. This means the attack could be repeated at any time. Although a challenge-and-response authentication is required for USB-connected devices, no such authentication is needed for Bluetooth connections. This makes the attack relatively simple to execute.
Take a position. Out loud, if you can.
Four ways to start. Pick one and try saying it before you scroll on.
Tip · Record yourself, use in a notebook, or practice with a language partner.
What does CTP stand for?
Passive voice for processes
The passive voice is used to focus on the action rather than who performed it. The article uses passive to describe the attack steps.
“No authentication was required.”
What to know · B2
Try saying this aloud
Scenario: You present a security analysis to a team.
- 01“A serious flaw has been demonstrated.”
- 02“No authentication was required.”
- 03“The attack can only be carried out within Bluetooth range.”
Register tip · formal
🔑Key Phrases
This uses passive voice with 'can be' to describe a condition.
passive with modal verb→The test can only be taken if the student is registered.
🎙️ Article Audio — Kokoro TTS
USB-connected speaker can be hacked remotely to infect a PC
Adapted from Ars Technica · Read the original. LectoPress rewrites the facts as original graded-reader text for language learners.
Get stories at your level, every day
B2 · EN · delivered to your inbox · unsubscribe any time
Customize language, level & topics → full preferences
