Comment by asimovDev

I also did some reverse engineering, although mine was a soundcard which seemed to use an older version of this software (GUI was different). I used Wireshark to sniff out the LED and EQ packets and then wrote a CLI utility with hidapi library in C.

It doesn't have bluetooth so thankfully something like this wouldn't happen with mine. It's crazy that there's no auth at all for Bluetooth. I was reversing my e-scooter recently (still WIP) and there was a whole bunch of authentication required before its app could control any of it. I am still not confident in its security though