---
title: "Scandal Surrounds Creative Sound Blaster Katana V2X: How a Soundbar Becomes a PC Hacking Tool"
description: "🚨 Scandal with Creative Sound Blaster Katana V2X: Soundbar hacked via Bluetooth! 📶 A hacker can turn the speaker into a keyboard and steal data from your PC. The manufacturer refuses to release a patch, calling it a \"feature\". 🛑"
date: 2026-06-04T12:38:00.000Z
lang: en
url: https://xab.info/en/posts/scandal-creative-sound-blaster-katana-v2x-hack-via-bluetooth
tags: []
publisher: "XAB.info"
---

# Scandal Surrounds Creative Sound Blaster Katana V2X: How a Soundbar Becomes a PC Hacking Tool

![Creative Sound Blaster Katana V2X: the sound card at the center of the scandal about PC hacking possibilities](https://xab.info/media/2026/06/04/skandal-creative-sound-blaster-katana-v2x-vzlom-cherez-bluetooth/skandal-creative-sound-blaster-katana-v2x-vzlom-cherez-bluetooth-1.webp)

A serious scandal is unfolding in the world of computer hardware and peripherals. The popular Creative Sound Blaster Katana V2X soundbar, designed to enhance gaming audio, has come under scrutiny from cybersecurity experts. The cause is not just a software glitch, but fundamental flaws in the device's security architecture that allow attackers to completely take over a user's computer.

### Two Fatal Architectural Flaws

Researcher Rasmus Moortse published a detailed analysis of the vulnerability, demonstrating how a hacker can attack a system from up to 15 meters away. The problem lies in the fact that developers at Creative made two critical miscalculations which, combined, render the device's protection non-existent.

The first error concerns the Bluetooth Low Energy (BLE) interface. In the device, the control protocol is completely open to any gadget within range. Commands that, by security logic, should only come through a secure USB cable are accepted by the soundbar via the radio channel without question. Furthermore, the device requires neither passwords nor a pairing procedure.

The second issue is the lack of cryptographic signing for official firmware. The software update is protected only by a basic SHA-256 checksum. For hackers, forging such a signature is not difficult, opening the path to unauthorized interference with the firmware's operation.

### Attack Scenario: From Speaker to Keyboard

The combination of these vulnerabilities creates a dangerous scenario for the PC owner. An attacker within Bluetooth range can silently initiate the replacement of the original software with modified versions.

The essence of the attack is as follows:

    - Since the PC perceives the soundbar as a trusted USB device, the malicious firmware adds a keyboard profile (HID descriptor) to its configuration.

    - After a reboot, the speaker begins to independently "type" any key combinations and commands into the computer's terminal.

    - This allows for the automatic loading of viruses, trojans, or the theft of the user's personal data.

### Permanently Open Window for Attack

The situation is exacerbated by the fact that the Bluetooth module in the Katana V2X has no physical or software switch. It remains active and continues to search for connections even in sleep mode. This means the window for an attack remains open constantly, even when the user has stepped away from the computer.

### Manufacturer's Reaction and Lack of Patches

The researcher attempted to contact Creative to resolve the issue but, facing ignorance, turned to the Singapore Computer Emergency Response Team (SingCERT). Subsequently, the company sent an official response stating that this architectural feature "is not a vulnerability".

Furthermore, the manufacturer stated that no one intends to release an official patch to fix the code. At present, the latest version of the factory software remains fully vulnerable to hacker attacks.

### The Only Way to Protect

Against the backdrop of the manufacturer's refusal, the only effective solution is an unofficial "patch" from the discoverer of the problem himself. Rasmus Moortse created the v2x-patcher utility, available on his Gitea repository page. The tool blocks the execution of critical commands via Bluetooth at the firmware level.

However, users should weigh the risks: installing the protective patch will almost certainly break the integration of the speaker with the official Creative mobile app on the smartphone. If the mobile app is critical for the user, the only option for protection remains completely unplugging the soundbar from the socket when the PC is not in use.