A recent discovery reveals that Creative's Sound Blaster Katana V2X soundbar can be compromised over Bluetooth, letting an attacker within range execute code on a PC, Mac or Linux machine linked to the speaker.
The $280 soundbar, praised for its audio performance, connects to host devices through USB or Bluetooth. Researcher Rasmus Moorats bought a unit and attempted to build a Linux tool to communicate with it. He uncovered that the speaker accepts commands via Creative Transport Protocol (CTP), a proprietary interface, and that a malicious payload sent over Bluetooth could affect the host system.
Creative does not label the behavior a vulnerability, but the finding underscores how peripheral devices can bypass operating‑system hardening measures. Security analysts recommend limiting Bluetooth exposure and watching for firmware updates. The incident may pressure Creative to revise the protocol’s security or release a patch.
