This is a well-written article and easy to digest, worth a skim.
In summary he figured out how to reflash arbitrary firmware on a Creative Sound Blaster Katana V2X soundbar via Bluetooth, without requiring any effective authentication or user interaction.
The soundbar is plugged directly into its host computer via USB, so by adding a descriptor to its firmware he made it recognized as a keyboard. From there it was straightforward to have it send keystrokes to the PC. The soundbar is equipped with a mic, so an adversary could turn it into an eavesdropping device.
He reported it to Creative and SingCERT. Neither he nor SingCERT got any meaningful response from the company until 2 months later, eventually saying "they do not consider this to be a vulnerability, as it does not present a cybersecurity risk".
He released a firmware patcher that disables the flawed transport protocol. It's a bit of a sledgehammer that likely also breaks functionality of the official Bluetooth app, but seems like the best he could do without cooperation from the manufacturer.