Comment by vessenes
6 hours ago
Having a guaranteed audio channel makes this so much cooler for exploits -- you can exfiltrate over audio!! I love it. I wonder how many of these were sold. I also imagine based on Creative's response (this is fine) that many other devices in the class have similar security models in place. Def scary.
I somehow hadn't even considered Bluetooth as an option when I read the headline, I immediately thought about INFILTRATING via audio, which also sounds insanely cool, but I couldn't possibly wrap my head around how an audio circuit would have to be set up and connected back to the cpu to pull that off.
Exfiltrating via audio also brings to mind one of those devices I really wanted to build ~20 years ago that can listen to the inside of a room by bouncing a laser beam off a window. Van pulls up in front of your house, pushes malicious code via bluetooth to speaker, which starts shrieking data it stole from the host that's then picked up by the vibrations it imparts on a window by a laser beam. Boom, crypto wallet stolen, or something... you could probably put that in a movie.
Let's not. There are enough overcomplicated nonsense examples of cybersecurity in movies as it is. If you could compromise a device via bluetooth, then you could exfiltrate data via bluetooth just as easily.
It's not a completely unrealistic angle, you could pwn the speaker when someone is traveling with it in public and then exfiltrate data when it's plugged in in a secure environment and you can't connect anymore
you could but I think the inclusion of lasers would make for a better spy / cyberpunk movie. Most "hacking" in movies is not realistic and for show, but it being plausible is just a bonus.
That would've been a cool PoC to work on as well, but seems a fair bit more complicated than the BadUSB-style attack I ended up doing. Would've had to do a lot more RE to figure out how to interact with the whole microphone subsystem, I think.
I guess you could just construct a wav file from the shell and then play it. Agreed doing it all on device sounds challenging.