Pwnd Blaster: Hacking your PC using your speaker without ever touching it
xx_ns
662 points
107 comments
June 03, 2026
Related Discussions
Found 5 related stories in 104.1ms across 10,002 title embeddings via pgvector HNSW
- GPT-5.5: Mythos-Like Hacking, Open to All rs_rs_rs_rs_rs · 53 pts · April 23, 2026 · 50% similar
- Windows Defender Is Being Used to Hack Windows weaksauce · 11 pts · April 11, 2026 · 49% similar
- BlueHammer abuses Windows Defender's update process to gain SYSTEM access BullsEye0 · 26 pts · April 11, 2026 · 48% similar
- SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit [pdf] (2017) Eridanus2 · 172 pts · April 19, 2026 · 48% similar
- ESP32 Bit Pirate, a Hardware Hacking Tool with WebCLI That Speaks Every Protocol geotp · 183 pts · June 05, 2026 · 47% similar
Discussion Highlights (20 comments)
217
Can't wait to see a video from a half sloppy channel about this on my youtube front page in roughly 4 business days
bradley13
Good work, and fun to read. It's crazy that companies just stick their head in the sand, when confronted with serious security issues.
hootz
>Email from SingCERT stating vendor "do not consider this to be a vulnerability, as it does not present a cybersecurity risk." So wirelessly writing custom firmware to someone else's device that is connected via USB to their computer without even needing to pair is not a security vulnerability. Yea.
KurSix
The fact that the author had to publish a third-party patch because the vendor didn't consider it a vulnerability is not a great look
awedisee
Way cool. Thank you for sharing
brogapp
Thanks for sharing this. It’s a bit concerning that a consumer soundbar can receive unauthenticated firmware over BLE and then act like a BadUSB-style HID on the host. I’m not sure I agree with the vendor’s "no cybersecurity risk" assessment, considering how much access a trusted keyboard interface typically has.
vessenes
Having a guaranteed audio channel makes this so much cooler for exploits -- you can exfiltrate over audio!! I love it. I wonder how many of these were sold. I also imagine based on Creative's response (this is fine) that many other devices in the class have similar security models in place. Def scary.
SirFatty
The real question remains: with this hack, did the OP gain full control of Dr. Sbaitso?
sciencejerk
Great research. Thanks for sharing
nickdothutton
It is quite common to find device manufacturers, even those of many years standing, who _appear to_ begin with the device and add the software as an afterthought. Paying little attention to security or even the software lifecycle (patches, updates, the changing landscape/ecosystem). I have even known it happen that the device brand subs out the software to a random small developer, who then closes up shop/dies/gets out of that business, and the device company doesnt even have the source code, let alone any ability to further improve/fix the software that drives their device. This leads to layers upon layers of subsequent middleware, UIs, shims etc.
cbdevidal
Air-gapped attacks are the most fascinating. Change my mind
Klaus23
Why think so small? Perhaps the speaker itself can be used as the attacker. Any script kiddie with an LLM could write a worm that would spread through the supply chain, possibly even hacking speakers right on the factory floor and blasting Rickroll music or something similar. It would be interesting to see if Creative would still claim that it "does not present a cybersecurity risk". Edit: Bonus points for closing the security hole and disabling the ability to flash the firmware normally, so that the manufacturer would have to jailbreak the speakers in order to repair them.
asimovDev
I also did some reverse engineering, although mine was a soundcard which seemed to use an older version of this software (GUI was different). I used Wireshark to sniff out the LED and EQ packets and then wrote a CLI utility with hidapi library in C. It doesn't have bluetooth so thankfully something like this wouldn't happen with mine. It's crazy that there's no auth at all for Bluetooth. I was reversing my e-scooter recently (still WIP) and there was a whole bunch of authentication required before its app could control any of it. I am still not confident in its security though
rjmunro
While the article only talks about using this as a USB HID keyboard to send attacks, surely if you spent more time creating an evil firmware from scratch you could do much more than this? You could bridge any information from USB -> Bluetooth.
tj_hustler_1966
This sounds super cool
lostmsu
Wow, that's very creative! /couldn't resist the pun/
smithkl42
If I were in charge of, say, the Mossad, I would have as a significant part of my budget purchasing every single bluetooth device on the market, and set a bunch of underemployed Israeli CS grads to work at finding these vulnerabilities, and then putting them into an easily deployed toolkit. You want an asset with access to, say, an Iranian government office, to be able to walk through the building with a phone and take control of as many machines as possible. Now that I think about it, I think you have to assume that they probably DO do this...
NooneAtAll3
what ways are there to protect from malicious HID device?
mikekuharuk
Haha, I dont have one, only headphones Jokes on you xD
a1o
This is a cool infection vector for the ai virus from earlier today to use. It could be like NDS feature that it greeted a passerby but now for spreading stuff digitally.