Highly reviewed speaker can be hacked over the air to infect connected devices

The Sound Blaster Katana V2X speaker, sold by Creative Technologies for $283, can be hacked over the air to infect connected devices. Researcher Rasmus Moorats discovered the vulnerability by accident while trying to create a Linux tool to communicate with the speaker. The speaker's proprietary Creative Transport Protocol allows devices to send commands and receive responses, and Moorats found that his Bluetooth device could connect to the speaker without authentication.