Researchers discover exploit allowing hackers to take over PCs through USB-connected Bluetooth speakers

Security researchers have discovered a vulnerability in Creative's USB-connected Bluetooth speakers that allows nearby attackers to take control of connected computers without any user interaction. The exploit, dubbed 'Pwnd Blaster,' takes advantage of how these speakers connect to PCs via USB while simultaneously maintaining Bluetooth connectivity.

The attack works by exploiting the dual connectivity of the speakers. When a Creative speaker is plugged into a PC via USB, it also broadcasts a Bluetooth signal that can be detected by nearby devices. Researchers found they could send specially crafted Bluetooth commands to the speaker that would then be relayed to the connected PC through the USB connection, effectively bypassing normal security controls that would prevent unauthorized Bluetooth access to the computer.

The vulnerability is particularly concerning because it requires no action from the victim. Traditional attacks typically require users to click a malicious link, download infected software, or accept a connection request. In this case, simply having the speaker connected to a PC and powered on creates an attack surface that hackers within Bluetooth range can exploit to gain system access.

The discovery has prompted alarm among PC security professionals and users. The revelation that common peripheral devices can serve as entry points for attacks represents a blind spot in typical security practices. Most users focus on protecting their systems from network-based threats or malicious software, but rarely consider that accessories like speakers could provide attackers with a pathway to compromise their machines.

Creative has not yet issued a public statement about the vulnerability or announced plans for a firmware update to address the issue. Security experts recommend that users concerned about the exploit either disconnect affected speakers when not in use or disable their Bluetooth functionality if possible. The research highlights the growing challenge of securing computers as peripheral devices become more sophisticated and incorporate multiple connectivity methods that can interact in unexpected ways.