
Comment by KurSix

6 hours ago

The fact that the author had to publish a third-party patch because the vendor didn't consider it a vulnerability is not a great look

Are you surprised? Great hack by the author, the impact could be huge if someone is targeted, but overall the impact is very minimal. The vendor can't be bothered. For you to be a victim, you have to own this device, and your attacker has to know that and be within close proximity. Remember that Fight Club quote?

A = The number of speakers in the field. B = The probable rate of getting hacked. C = The average out-of-court settlement.

The Decision: If the cost of not doing a recall/fix is greater than the cost of a recall, they initiate a recall, yada yada yada. (Note that the big cost is if people will stop buying future speakers; I think not.)

  • Let me just turn this hack into a quick Flipper Zero app that makes the speaker play "Fuck Creative" in a loop, let's see whether the vendor is bothered then.