Sound Bars Hacked by Bluetooth with a Raspberry Pi

The Yamaha YAS-207 is a sound bar that can be controlled via Bluetooth with an application for iOS or Android. However, if you want to control it with another device via Bluetooth, or with a computer, there is nothing you can do. However, a hacker has provided a solution.

Analyzing packets sent via Bluetooth

To do this, you first installed Android-x86 on a virtual machine and enabled the Bluetooth HCI snoop log in Developer Settings. With the netcat command, you continually send to your Linux and Wireshark computer to analyze packets. With this, by pressing the buttons in the Yamaha app, you can see what data was sent via Bluetooth.

From there, you can already analyze the commands at the individual level, as well as the packets to respond. Later, he wrote the code that allowed him to communicate with the soundbar through the Raspberry Pi . He combined that with Shairpoint Sync, which allows, with a Raspberry Pi, to turn on the soundbar and change the sound source for streaming with AirPlay or any other source.

There are unprotected Bluetooth sound bars

Thanks to this, you can now control the soundbars with any device you want, but this also opens the door for anyone else nearby to do so. Luckily, the situation is not as bad as it happens directly with other sound bars, where they do not even put protection mechanisms to prevent misuse.

Thus, there are LG or Samsung models that come directly without protection. In the case of LG, there is a way to protect it after buying it, but in Samsung models there is no way to do it, having to suffer torture if we have an excessively funny neighbor because they can connect at any time to the bar ; even if we have it connected by HDMI or we are using it with another cable. Therefore, it is necessary for manufacturers to put special emphasis on protecting these connections, where confirming the connections would be as simple as having to press a physical button on the bar or on the remote.