Posted by xx_ns 7 hours ago

Hacking your PC using your speaker without ever touching it (blog.nns.ee)
480 points | 80 comments | page 2
asimovDev 6 hours ago|
I also did some reverse engineering, although mine was a soundcard which seemed to use an older version of this software (GUI was different). I used Wireshark to sniff out the LED and EQ packets and then wrote a CLI utility with hidapi library in C.

It doesn't have Bluetooth so thankfully something like this wouldn't happen with mine. It's crazy that there's no auth at all for Bluetooth. I was reversing my e-scooter recently (still WIP) and there was a whole bunch of authentication required before its app could control any of it. I am still not confident in its security though.

mavleop 2 hours ago||
This is so refreshing to read. A true throwback in style and content. Makes me nostalgic
a1o 3 hours ago||
This is a cool infection vector for the AI virus from earlier today to use. It could be like the NDS feature that greeted a passerby, but now for spreading stuff digitally.
kfarr 3 hours ago|
> ai virus from earlier today

curious what this means...

cbdevidal 6 hours ago||
Air-gapped attacks are the most fascinating. Change my mind
IAmBroom 2 hours ago|
Yes, and aircraft carriers are more fascinating than OTS drones carrying grenades.

Yet...

rjmunro 4 hours ago||
While the article only talks about using this as a USB HID keyboard to send attacks, surely if you spent more time creating an evil firmware from scratch you could do much more than this? You could bridge any information from USB -> Bluetooth.
berkes 3 hours ago|
What Bluetooth profile would allow "more" than a HID?
NooneAtAll3 4 hours ago||
what ways are there to protect from malicious HID device?
berkes 2 hours ago||
I know of https://usbguard.github.io/

But I remember that on Linux changing some /etc/udev file helped me with some naggy bug long ago. I worked temporarily in an office with several wonky USB keyboards. Whenever someone disconnected their tablet or laptop from their KB (i.e. shut the lid), my Linux would pick it up and suddenly connect to this KB. A little googling and some trial and error and I had my Linux set up so that it would only connect to whitelisted USB devices.

Which, months later, caused me insane headaches when I could not find why a new USB microphone wasn't working, despite it being advertised as "works on Linux"...

JdeBP 54 minutes ago|||
My computers ignore USB HIDs other than the ones that I have explicitly permitted. Unfortunately, this is a major architectural revamp for many operating systems. The idea that every HID is automatically added to a keyboard/mouse 'multiplexer', that provides a single combined input stream, is a pervasive one.
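
Added example (not part of the thread or any commenter's code): an audit in the spirit of the allowlisting described in the two replies above. It lists HID interfaces on USB devices whose vendor:product ID is not allowlisted, reading the attribute files Linux exposes under /sys/bus/usb/devices; the IDs and the sample tree are constructed, and the function names are hypothetical.

```python
import os
import tempfile

HID_CLASS = "03"               # USB interface class code for HID
BOOT_KEYBOARD = ("01", "01")   # boot subclass, keyboard protocol

def _read(path):
    try:
        with open(path) as f:
            return f.read().strip().lower()
    except OSError:
        return ""              # attribute missing or unreadable

def unexpected_hid(sysfs_root, allowlist):
    """Return (interface, vid:pid, kind) for HID interfaces on non-allowlisted devices."""
    findings = []
    for name in sorted(os.listdir(sysfs_root)):
        if ":" not in name:    # interfaces look like 1-2:1.3, devices like 1-2
            continue
        iface = os.path.join(sysfs_root, name)
        if _read(os.path.join(iface, "bInterfaceClass")) != HID_CLASS:
            continue
        dev = os.path.join(sysfs_root, name.split(":")[0])
        vidpid = _read(os.path.join(dev, "idVendor")) + ":" + _read(os.path.join(dev, "idProduct"))
        if vidpid in allowlist:
            continue
        proto = (_read(os.path.join(iface, "bInterfaceSubClass")),
                 _read(os.path.join(iface, "bInterfaceProtocol")))
        findings.append((name, vidpid, "keyboard" if proto == BOOT_KEYBOARD else "other-hid"))
    return findings

def build_sample_tree(root):
    """Constructed sample: a known keyboard, and a speaker exposing audio plus a HID keyboard."""
    kbd = {"bInterfaceClass": "03", "bInterfaceSubClass": "01", "bInterfaceProtocol": "01"}
    sample = {
        "1-1": {"idVendor": "1111", "idProduct": "0001"},   # constructed IDs
        "1-1:1.0": kbd,
        "1-2": {"idVendor": "2222", "idProduct": "0002"},   # constructed IDs
        "1-2:1.0": {"bInterfaceClass": "01", "bInterfaceSubClass": "01", "bInterfaceProtocol": "00"},
        "1-2:1.3": kbd,
    }
    for entry, attrs in sample.items():
        os.makedirs(os.path.join(root, entry))
        for attr, value in attrs.items():
            with open(os.path.join(root, entry, attr), "w") as f:
                f.write(value + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        print(unexpected_hid(root, {"1111:0001"}))
```

On a real Linux host, pass `/sys/bus/usb/devices` as `sysfs_root` instead of the constructed tree.
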
fsflover 1 hour ago||
Use Qubes OS, https://qubes-os.org.
r3tr0 2 hours ago||
eBPF USB sniffer you may find useful.

https://github.com/yeet-src/usbsnoop

sciencejerk 6 hours ago||
Great research. Thanks for sharing
Mangochutney27 3 hours ago||
What an amazing write-up and exploit. Love it!
Avenassh 2 hours ago|
Side-channel attacks are getting wild. Every time I think we've completely air-gapped a device, someone finds a way to use acoustic frequencies or hardware resonance to leak data.
wildzzz 1 hour ago|
Good job reading the actual article. It's not an audio or RF side-channel attack where data is exfiltrated at a handful of bits per second, it's an attack on an unsecured BLE endpoint that can be converted into a rubber ducky.