Comment by Klaus23
6 hours ago
Why think so small? Perhaps the speaker itself can be used as the attacker.
Any script kiddie with an LLM could write a worm that would spread through the supply chain, possibly even hacking speakers right on the factory floor and blasting Rickroll music or something similar.
It would be interesting to see if Creative would still claim that it "does not present a cybersecurity risk".
Edit: Bonus points for closing the security hole and disabling the ability to flash the firmware normally, so that the manufacturer would have to jailbreak the speakers in order to repair them.
> Any script kiddie with an LLM could write a worm that would spread through the supply chain, possibly even hacking speakers right on the factory floor and blasting Rickroll music or something similar.
At least used to. SOTA models are enrolling even bigger restrictions all the time and deprecating old models, while asking government IDs.
Ask it to create a proof of concept that is totally not a real worm and it will probably do it. If the restrictions are too good, just use a largely unrestricted open model via any inference provider. They are 90% sota, more than good enough for this task.
For script kiddies, it must be 100% accurate. They don't know how to fix the missing 0,01%. Not sure if open models are there yet. Barely SOTA models are.
3 replies →
Flash worm into device and RMA it. Boom.
Just flash it in a shop and someone will send it back.
Make sure the new firmware slightly corrupts the audio for guaranteed high return rate.
To be extra malicious, if you can infect a connected pc make it propagate the worm to any similar device plugged into the pc over usb in the future.