I enjoy knowing people like this exist.
At first, I thought it was an attack using audio only. That would have been crazy impressive.
<sad modem noises>
My speakers can’t get hacked like this luckily.
They use a headphone jack line.
As someone who’s done only minimal hacking I found this fascinating and very readable. I could skim the parts I was only sort of familiarish with and still follow the overall plot, and I felt like with a little research I could actually do what he was describing. Probably the best-written piece about hardcore hackery I’ve ever read!
The way BLE (Bluetooth Low Energy) works is that each device has various registers (called GATT characteristics) that, if you’re connected to the device, you can write to, read, subscribe to notifications for, and so on. What’s important to note is that to connect to a device, you don’t need to (necessarily) pair with it. You can often just connect with a device and immediately start reading and writing data to characteristics. Pairing establishes encryption, but a connection can be made without it.
To my surprise, upon reading the characteristic 9e9daaeb-3a10-4fe8-b69f-7397aff77886, I was greeted with the full version string. This means anyone can just connect to any Katana V2X over Bluetooth and start sending CTP commands to it, reading information, changing settings, etc.
I thought of the implications for a bit. The speaker has a microphone. An attacker could, theoretically, upload a custom firmware that effectively turns the speaker into a covert monitoring device, listening in on conversations and forwarding them to a receiver over Bluetooth.
What was more interesting to me was the fact that the speaker is, in a standard setup, connected to a PC over USB. It’s by all means a trusted USB device.
What if we wrote custom firmware that forced the speaker into acting as a keyboard, sending keystrokes for opening up the terminal and executing arbitrary commands? We would turn the speaker into a Rubber Ducky, but remotely, without ever having to plug anything into either the speaker or the PC.
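The connect-without-pairing point in the quoted passage, as an added model that is not code from the article or from the speaker's firmware: a minimal version of the ATT permission check a BLE peripheral runs on every read and write, showing why an "open" characteristic answers any connected central and how requiring encryption on the same characteristic turns that read into an ATT error until the link has actually been paired. The `Characteristic`/`Link` classes, the permission names and the placeholder value are constructed; the error codes are the Bluetooth Core specification's, and the UUID is the one quoted above.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, Union

# ATT error codes (Bluetooth Core Specification, Vol 3, Part F, 3.4.1.1)
ATT_READ_NOT_PERMITTED = 0x02
ATT_WRITE_NOT_PERMITTED = 0x03
ATT_INSUFFICIENT_AUTHENTICATION = 0x05
ATT_INSUFFICIENT_ENCRYPTION = 0x0F

# Permission a characteristic demands of the link (constructed names): None = operation not
# allowed, "open" = any connected central, "encrypt" = link must be encrypted (paired),
# "authenticate" = pairing must also have been MITM-protected (passkey/OOB).
Perm = Optional[str]

@dataclass
class Characteristic:
    uuid: str
    value: bytes
    read_perm: Perm = "open"
    write_perm: Perm = "open"

@dataclass
class Link:
    """Security state of one connection; a bare connection has neither flag set."""
    encrypted: bool = False       # set by pairing
    authenticated: bool = False   # set only by MITM-protected pairing

def _check(perm: Perm, link: Link, not_permitted: int) -> Optional[int]:
    # Returns an ATT error code if the link does not satisfy the permission, else None.
    if perm is None:
        return not_permitted
    if perm in ("encrypt", "authenticate") and not link.encrypted:
        return ATT_INSUFFICIENT_ENCRYPTION
    if perm == "authenticate" and not link.authenticated:
        return ATT_INSUFFICIENT_AUTHENTICATION
    return None

def att_read(char: Characteristic, link: Link) -> Tuple[str, Union[bytes, int]]:
    err = _check(char.read_perm, link, ATT_READ_NOT_PERMITTED)
    return ("error", err) if err is not None else ("ok", char.value)

def att_write(char: Characteristic, link: Link, data: bytes) -> Tuple[str, Union[bytes, int]]:
    err = _check(char.write_perm, link, ATT_WRITE_NOT_PERMITTED)
    if err is None:
        char.value = data
    return ("error", err) if err is not None else ("ok", data)

VERSION_UUID = "9e9daaeb-3a10-4fe8-b69f-7397aff77886"  # characteristic named in the quoted text
def version_characteristic(hardened: bool) -> Characteristic:
    # hardened=False is the situation described above (open to any connected central);
    # hardened=True makes the same characteristic refuse an unpaired central.
    perm = "encrypt" if hardened else "open"
    return Characteristic(VERSION_UUID, b"FW-VERSION-PLACEHOLDER", read_perm=perm, write_perm=perm)
```

The same `write_perm` check is what would gate a command channel: with `"encrypt"` set, a write from an unpaired connection is refused with `ATT_INSUFFICIENT_ENCRYPTION` and the value is left untouched.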
That was a great read, and wild that all of that was possible.
Amazing job and beautifully written! Now I kind of want one of these speakers lol.
firmwares
And I’m out. If you can’t spell a word, I don’t need to hear you talk about it.
Dude, the author is from Estonia. English is therefore not his native language. Fuck you for attacking non-native speakers because of some minor grammar error.
Spell-check is so weird.