How a USB-connected speaker can infect a PC without ever being touched

After successfully replacing the firmware with a custom image that did nothing more than display the word “pwned” on the speaker’s LED screen, the researcher began to wonder what else an attacker might do. He turned his attention to FreeRTOS, the open source operating system that ran the Katana V2X. It included a set of HID functions that let the speaker act as a human interface device, a category that includes keyboards, mice, and webcams. The speaker implemented a limited HID that allowed things like changing the volume and playing or pausing audio, but little else.

The researcher found that he could modify the speaker’s USB descriptor set, which is essentially a report that tells a host about the capabilities of a USB- or Bluetooth-connected peripheral. He was able to augment the existing descriptor set with a second one that reported the speaker as a keyboard. He reused code already included in the firmware to handle the process of sending keypresses.
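One defensive check that follows from this: a host can walk a device’s USB configuration descriptor and flag an audio-class device that also enumerates a keyboard interface, which is exactly the combination the modified speaker presented. The Python below is an added example, not code from the article or from Moorats; the sample descriptors are constructed, and the check only recognises boot-protocol keyboards, since non-boot keyboards require parsing the HID report descriptor.

```python
# Added example (not from the article or Moorats' work): walk a USB configuration
# descriptor and flag an audio-class device that also advertises a keyboard interface.
import struct

DESC_CONFIG, DESC_INTERFACE, DESC_ENDPOINT = 0x02, 0x04, 0x05
CLASS_AUDIO, CLASS_HID = 0x01, 0x03
HID_SUBCLASS_BOOT, HID_PROTOCOL_KEYBOARD = 0x01, 0x01

def parse_interfaces(config):
    """Return (class, subclass, protocol) per interface descriptor.
    Descriptors are self-delimiting: bLength first, then bDescriptorType."""
    if config[1] != DESC_CONFIG or struct.unpack_from("<H", config, 2)[0] != len(config):
        raise ValueError("not a configuration descriptor or wTotalLength mismatch")
    out, pos = [], 0
    while pos + 2 <= len(config):
        length, dtype = config[pos], config[pos + 1]
        if length < 2 or pos + length > len(config):
            raise ValueError(f"malformed descriptor at offset {pos}")
        if dtype == DESC_INTERFACE and length >= 9:
            out.append(tuple(config[pos + 5:pos + 8]))  # class, subclass, protocol
        pos += length
    return out

def audio_device_with_keyboard(config):
    """True when an audio-class device also exposes a boot-protocol keyboard.
    Non-boot keyboards (subclass 0) need the HID report descriptor; not handled here."""
    ifaces = parse_interfaces(config)
    is_audio = any(c == CLASS_AUDIO for c, _, _ in ifaces)
    keyboard = any(c == CLASS_HID and s == HID_SUBCLASS_BOOT and p == HID_PROTOCOL_KEYBOARD
                   for c, s, p in ifaces)
    return is_audio and keyboard

# Constructed sample descriptors (hypothetical layout, not the Katana V2X's real one).
def iface(num, cls, sub, proto, ep_addr=None):
    desc = bytes([9, DESC_INTERFACE, num, 0, 1 if ep_addr else 0, cls, sub, proto, 0])
    if ep_addr:  # one interrupt endpoint, 8-byte packets, 10 ms interval
        desc += bytes([7, DESC_ENDPOINT, ep_addr, 0x03, 8, 0, 10])
    return desc

def config_descriptor(interfaces):
    body = b"".join(interfaces)
    head = bytes([9, DESC_CONFIG]) + struct.pack("<H", 9 + len(body))
    return head + bytes([len(interfaces), 1, 0, 0x80, 50]) + body

SPEAKER = [iface(0, CLASS_AUDIO, 1, 0),        # audio control
           iface(1, CLASS_AUDIO, 2, 0, 0x01),  # audio streaming
           iface(2, CLASS_HID, 0, 0, 0x82)]    # volume / play-pause HID
SPEAKER_ONLY = config_descriptor(SPEAKER)
SPEAKER_PLUS_KEYBOARD = config_descriptor(
    SPEAKER + [iface(3, CLASS_HID, HID_SUBCLASS_BOOT, HID_PROTOCOL_KEYBOARD, 0x83)])
```

On a real host the same logic would be run over the descriptor read from the device at enumeration time (for example via libusb), alerting when a device that was an audio peripheral yesterday now also claims to be a keyboard.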

All of this gave Moorats an idea: What if he used his own device to send commands to the speaker, which would then use the HID to pass them along to the connected PC? After some experimentation, he found that he could. In a post published on Wednesday, he wrote:

Chaining it all together, I was able to fully remotely, over the air, upload a custom firmware to my speaker which I hadn’t paired with, which would reboot, flash the custom firmware, and after rebooting enter the command echo pwned and execute it.

Credit: Rasmus Moorats

In a real attack scenario, I would perform the keystrokes for opening powershell.exe or similar and paste an actually malicious one-liner into that, but as a proof of concept, this was plenty for me. A real attacker would also likely disable the routine for updating the firmware in both normal and recovery mode, making it impossible to wipe the malicious firmware from the device or patch it in the future.

This is made worse by the fact that Bluetooth is always on for the speaker, even in sleep mode, with no apparent way to disable it.

Before the speaker and the USB-connected device can communicate, they must successfully complete a challenge-and-response authentication procedure. Because the devices perform this handshake automatically each time the software boots, this isn’t normally an obstacle for the attacker. In certain cases, however, such as when the Katana V2X app isn’t open on the connected device, it is a requirement.
