
Thread: Hijacking a 'smart' amp during a gig

  1. #1


    This could make for some unexpectedly unique gigs. Quick quote from The Register:

    "Guitar amp manufacturer Fender's recently-introduced Mustang GT 100 guitar amplifier can be made to play whatever audio an attacker fancies, security researchers have discovered.

    "The amp allows Bluetooth connections, but without pairing security. Anyone within range could therefore "stream arbitrary audio to it and hijack your amp output", security researcher Chris Pritchard of Pen Test Partners (PTP) reported.

    "The device - marketed towards gigging musicians - is trivially easy to hack, as a video put together by PTP (below) demonstrates." ...

    (or direct link)

    The PTP article cited above has lots more to say, including this:

    "The Bluetooth ID is 'Mustang GT', though anyone using this amp to play live would be well advised to turn Bluetooth off.... Of course, that then stops you using the smart features that are the key to this amp..."

  2. #2
    Registered User
    Join Date
    Jun 2005
    Location
    High Peak - UK
    Posts
    4,171


    Some years ago we were setting up for a show in the UK and the roadie on stage was messing around testing the levels of the vocal mics. You know the sort of thing - 1-2; 1-2; 68; 32; 45; 99......

    A couple of minutes into the check, the rear door of the theatre burst open and the unannounced visitor said "Are you using a radio mic.? Only I'm the bingo caller from over the road and it's breaking through my sound system"

    (Thought - Do our US friends know about Bingo?)

  3. The following members say thank you to Ray(T) for this post:


  4. #3
    Registered User
    Join Date
    Jan 2009
    Location
    S.W. Wisconsin
    Posts
    7,507


    B42, I17 Yes we know about Bingo. Bingo, Bingo, Bingo and Bingo was his name 0.
    THE WORLD IS A BETTER PLACE JUST FOR YOUR SMILE!

  5. The Following 2 Users Say Thank You to pops1 For This Useful Post:


  6. #4
    Registered User
    Join Date
    Mar 2003
    Location
    Columbus, GA
    Posts
    1,360


    I think Fender's money could be better spent in other areas.
    David Hopkins

    2001 Gibson F-5L mandolin
    Breedlove Legacy FF mandolin; Breedlove Quartz FF mandolin
    Gibson F-4 mandolin (1916); Blevins f-style Octave mandolin, 2018
    McCormick Oval Sound Hole "Reinhardt" Mandolin
    McCormick Solid Body F-Style Electric Mandolin; Slingerland Songster Guitar (c. 1939)

    The older I get, the less tolerant I am of political correctness, incompetence and stupidity.

  7. #5
    Registered User foldedpath's Avatar
    Join Date
    May 2007
    Location
    Pacific Northwest, USA
    Posts
    5,293


    Quote Originally Posted by DHopkins View Post
    I think Fender's money could be better spent in other areas.
    They're just following Gibson, Line6 and the rest down the digital rabbit hole.

    They'd be better off in the long-term, finding a way to recreate the classic WW2 and post-war tech NOS vacuum tubes for their amps, instead of cheap modern substitutes. Well, a person can dream anyway...
    Lebeda F-5 mandolin, redwood top
    Weber Yellowstone F-5 octave mandolin

  8. #6
    Registered User
    Join Date
    Mar 2003
    Location
    Columbus, GA
    Posts
    1,360


    Quote Originally Posted by foldedpath View Post
    They're just following Gibson, Line6 and the rest down the digital rabbit hole.
    Okay, I think the money could be better spent by "Gibson, Line 6 and the rest."
    David Hopkins

    2001 Gibson F-5L mandolin
    Breedlove Legacy FF mandolin; Breedlove Quartz FF mandolin
    Gibson F-4 mandolin (1916); Blevins f-style Octave mandolin, 2018
    McCormick Oval Sound Hole "Reinhardt" Mandolin
    McCormick Solid Body F-Style Electric Mandolin; Slingerland Songster Guitar (c. 1939)

    The older I get, the less tolerant I am of political correctness, incompetence and stupidity.

  9. #7
    Mandol'Aisne Daniel Nestlerode's Avatar
    Join Date
    Mar 2004
    Location
    Picardy
    Posts
    2,176
    Blog Entries
    81


    Yes, Ray. They do Bingo in the US. But it's stereotypically the domain of OAPs. They have no idea how serious people who play bingo here in the UK take their bingo nights. (I have only just learned this myself after having been a resident in the UK since 2012!)

    So a disturbance to a radio mic'd bingo caller will result in a room full of angry people!

    Daniel

  10. The following members say thank you to Daniel Nestlerode for this post:


  11. #8
    Registered User Eric Platt's Avatar
    Join Date
    Jan 2009
    Location
    St. Paul, MN
    Posts
    2,045


    This doesn't surprise me. While not a Fender, do have a Mackie Freeplay portable PA system. A great feature is the Bluetooth mixing board and effects. Even here, there is no password or encryption. It would be easy to hack. Am going to keep using it because the benefits far outweigh that one disadvantage.

    As to the Fender digital - I like it. They have done a fine job of catching sounds, especially reverb, with their digital modeling. If I ever got rid of my early Roland Cube amp, would be buying one of the Fender models.
    Brentrup Model 23, Boeh A5 #37, Gibson A Jr., Big Muddy M-11, Coombe Classical flattop, Strad-O-Lin
    https://www.facebook.com/LauluAika/
    https://www.lauluaika.com/
    https://www.facebook.com/Longtine-Am...14404553312723

  12. The following members say thank you to Eric Platt for this post:


  13. #9
    but that's just me Bertram Henze's Avatar
    Join Date
    Jun 2005
    Location
    0.8 mpc from NGC224, upstairs
    Posts
    10,054


    I wouldn't worry about being hacked at the gig. You'll never even arrive, because somebody reprogrammed your autonomous car to take you to some dark neighborhood where they will relieve you of all your pesky heavy equipment...
    the world is better off without bad ideas, good ideas are better off without the world

  14. The Following 2 Users Say Thank You to Bertram Henze For This Useful Post:

    Jess L.Nevin 

  15. #10


    Quote Originally Posted by Ray(T) View Post
    Some years ago we were setting up for a show in the UK and the roadie on stage was messing around testing the levels of the vocal mics. You know the sort of thing - 1-2; 1-2; 68; 32; 45; 99......

    A couple of minutes into the check, the rear door of the theatre burst open and the unannounced visitor said "Are you using a radio mic.? Only I'm the bingo caller from over the road and it's breaking through my sound system" ...
    Yeah that would make for an interesting bingo game!

    I once had a turntable/AM/FM radio unit I'd bought cheap in a junkstore, thought it was a good bargain at first, but found that it had one flaw. When its power switch was on, it would pick up police-car radio transmissions from cop cars driving past (lots of police traffic on that road, and apparently they had pretty high-powered radios), I could hear every word they were saying for several seconds until their car was out of range of the turntable's inadvertent receiver. I'm guessing that the turntable must have had some unshielded parts or something. I got rid of that turntable and bought a newer one which had no such problems.

    Also had an ultra-cheap wireless doorbell that would occasionally get triggered by CB radio transmissions of log trucks going by. That was back in the days when the local truckdrivers were noted for souping up their CB radios to way-beyond-illegal broadcast levels. That particular doorbell didn't have any way to change its frequency to prevent interference, so we threw it out and bought a different brand, problem solved. Although the new one turned out to not be very weatherproof and failed to function at all after a year or so.

    Yeah I know, these are inadvertent RF interference things, not hacking, but still made for some puzzling results at first.

  16. #11


    Quote Originally Posted by Bertram Henze View Post
    I wouldn't worry about being hacked at the gig. You'll never even arrive, because somebody reprogrammed your autonomous car to take you to some dark neighborhood where they will relieve you of all your pesky heavy equipment...
    Yeah I've read of some of the car-hacking stuff that's possible already. All that 'smart' stuff needs to have security built into it from the start, not tacked on later as an after-thought. But we see how, for instance, computers are, the software makers push out bug-riddled releases just to meet schedule and then they figure they'll fix them later with updates when they get around to it. That trend started at least as far back as the 1990s that I'm aware of, and has gotten a lot worse as the gadgets have gotten more complex.

    Used to be, when you bought something brand new, it was good-to-go for a while and required no further maintenance for at least a few months hopefully. Now, the instant you buy some tech gadget, the very first time you turn it on it already requires a security update. Bah! I mean, it's good that they're fixing flaws, but it would be better if they'd anticipated all the security holes *before* putting the product on the market. We can dream...

    I wonder if those self-tuning guitars are hackable yet... now that could create some concert chaos...

    Hey I know I'm off-topic, it's OK, I'm the OP, off-topic is fine! I know that I always enjoy reading off-topic stuff because I never know what I might learn, that I wouldn't have found out about otherwise.

  17. #12


    Quote Originally Posted by Daniel Nestlerode View Post
    Yes, Ray. They do Bingo in the US. But it's stereotypically the domain of OAPs. They have no idea how serious people who play bingo here in the UK take their bingo nights. (I have only just learned this myself after having been a resident in the UK since 2012!)

    So a disturbance to a radio mic'd bingo caller will result in a room full of angry people!
    Interesting cultural differences! Thanks Daniel, for the UK perspective, I had no idea!

    I had to look up "OAP" though, my first guess was not quite correct (I'd thought maybe it meant "old angry people") but according to the first Google search result, it's a British term that means "old age pensioner". Ah... I see now. Yeah, commonly true in the U.S., at least that's been my observation as well. Although we're referred to as "seniors" here.

  18. #13
    Registered User
    Join Date
    Jun 2005
    Location
    High Peak - UK
    Posts
    4,171


    Personally, I've always thought of Bingo as a delayed raffle but never played it myself.

  19. #14
    Adrian Minarovic
    Join Date
    Oct 2003
    Location
    Banska Bystrica, Slovakia, Europe
    Posts
    3,461


    We have quite a few new ceiling mounted projectors in the school and while they have their own RC, they can also be controlled via Bluetooth... sometimes students with their smartphones find out and once in a while the screen goes upside down or whatever they find funny....
    Adrian

  20. The following members say thank you to HoGo for this post:


  21. #15
    but that's just me Bertram Henze's Avatar
    Join Date
    Jun 2005
    Location
    0.8 mpc from NGC224, upstairs
    Posts
    10,054


    Quote Originally Posted by JL277z View Post
    ... it would be better if they'd anticipated all the security holes *before* putting the product on the market.
    I have a feeling that this is traceable back to Turing's halting problem and is therefore impossible. There's a barber paradox somewhere in there.
    the world is better off without bad ideas, good ideas are better off without the world

  22. The following members say thank you to Bertram Henze for this post:


  23. #16


    About software vulnerabilities & tech stuff in general...

    Quote Originally Posted by JL277z View Post
    ... it would be better if they'd anticipated all the security holes *before* putting the product on the market.

    Quote Originally Posted by Bertram Henze View Post
    I have a feeling that this is traceable back to Turing's halting problem and is therefore impossible. There's a barber paradox somewhere in there.
    Ah yes mathematics and logic, believe it or not that was my best & favorite subject in school, a bazillion years ago. I've devolved considerably since then (brain injury, for real) and I remember very little of what I learned in those classes, but I'm still fascinated by it.

    In any case, I probably should've worded that other sentence a little more carefully, as I realize that my use of the word "all" was sloppy writing on my part. It would likely be impossible to "[anticipate] all the security holes" in any product. There are evidently so many variables and unexpected ways that software stuff can interact, with new things being developed all the time (the usual cat & mouse game between developers and black-hats), that predicting all possible outcomes would be an unreasonable expectation.

    So... how about this tentative revised sentence instead:

    "It would be better if developers would at least try a little harder to anticipate the most obvious likely-to-be-exploited potential vulnerabilities in their products, and take measures to protect the product and the customer from undesirable compromises of product functionality, rather than the all-too-frequent situation we see where developers (or their managers) blithely assume that no one would ever bother trying to tamper with the product or interfere with its functionality." Or something like that.

    Switching gears... My previous audio recorder, a Tascam, had some sort of 'smart' features as well - as I vaguely recall it communicated via wi-fi though (might be remembering that wrong) and not bluetooth like the Fender amp, anyway the Tascam was supposed to be controllable via an Android app on my smart phone. Sounded good in theory, and I had no problem setting it up, the two devices were communicating ok. The only problem was, when I enabled the communication on the recorder, it drained the recorder's batteries so fast that it rendered the recorder nearly useless. Seemed like just another instance of poorly-thought-out design, looked good on paper but in the real world there was "one little detail" (battery life) that was kind of a deal-breaker (made the device far less useful than I'd hoped).

    Somehow, oddly, I managed to lose that Tascam (no, not on purpose, I swear!). After a year or so of doing without, I finally bought a Zoom H2n which is what I really wanted in the first place, but was trying to save some $ by buying the cheaper one. Sometimes buying cheaper stuff costs more in the long run.

  24. #17
    Quietly Making Noise Dave Greenspoon's Avatar
    Join Date
    May 2003
    Location
    Leesburg, VA
    Posts
    1,102


    Can't one rename the connection and add security, like a password, to these amps?
    Axes: Eastman MD-515 & El Rey; Eastwood S Mandola
    Amps: Fishman Loudbox 100; Rivera Clubster Royale Recording Head & R212 cab; Laney Cub 10

  25. #18
    Registered User gspiess's Avatar
    Join Date
    Feb 2017
    Location
    Central PA
    Posts
    301


    Since the appearance of this thread the prankster in me has gone into overdrive. I could actually be talked into buying a few of these amps as gifts for some guitarist/gods I know.
    Being right is overrated. Doing right is what matters.

    Northfield F5S Blacktop
    Pono MND-20H

  26. The Following 2 Users Say Thank You to gspiess For This Useful Post:


  27. #19
    Mandol'Aisne Daniel Nestlerode's Avatar
    Join Date
    Mar 2004
    Location
    Picardy
    Posts
    2,176
    Blog Entries
    81


    Quote Originally Posted by gspiess View Post
    Since the appearance of this thread the prankster in me has gone into overdrive. I could actually be talked into buying a few of these amps as gifts for some guitarist/gods I know.
    Wishing there was a LOL! as well as a Thanks.

    D

  28. The following members say thank you to Daniel Nestlerode for this post:


  29. #20
    Registered User Kevin Stueve's Avatar
    Join Date
    Mar 2015
    Location
    Kansas
    Posts
    475


    Quote Originally Posted by Bertram Henze View Post
    I have a feeling that this is traceable back to Turing's halting problem and is therefore impossible. There's a barber paradox somewhere in there.
    I have a feeling you are right but no desire at this point in my life to construct a formal proof.
    2012 Weber Bitterroot F5.

  30. The following members say thank you to Kevin Stueve for this post:


  31. #21
    Registered User
    Join Date
    Oct 2008
    Location
    Chicagoland
    Posts
    720


    Quote Originally Posted by Ray(T) View Post
    (Thought - Do our US friends know about Bingo?)
    Oh yeah.

    http://l7.alamy.com/zooms/e6c86d1065...ngo-e03yr5.jpg

  32. The following members say thank you to jesserules for this post:


  33. #22


    Quote Originally Posted by gspiess View Post
    Since the appearance of this thread the prankster in me has gone into overdrive. I could actually be talked into buying a few of these amps as gifts for some guitarist/gods I know.
    Lol!

    Quote Originally Posted by Dave Greenspoon View Post
    Can't one rename the connection and add security, like a password, to these amps?
    EDIT - correction - please see new info in post below.
    Last edited by Jess L.; Mar-08-2018 at 7:32am. Reason: Correction

  34. #23


    I just noticed an update towards the bottom of TheRegister page, how long has that been there? Anyway here's what it says:

    "A spokesman for Fender has finally been in touch to say the Bluetooth-related security issues "were addressed in an update to the amp a few months ago," although you need to install said update to benefit from it.

    "Any new amps should now have the latest software, and as always we recommend that you update your amp to get the latest software, which includes fixes like this," he said. "The software can be easily updated via Wi-Fi, and only takes a few minutes, depending on your internet speed."

    Hmm. So, as long as users update their gear's software promptly - er, sorry please excuse me while I pick myself up off the floor after rolling around laughing for a while - I know so many people who never update anything unless it's mandatory like modern Windows, they just take their new gadgets out of the box and start using it - and what non-techie would ever think that an appliance-like object like an amp would ever need a security update? ... So anyway, Fender is saying to update the thing & problem solved... I guess that's good, then.

    I suppose it's also best to not assume that just because the amp is brand new means it's already updated - could have been sitting in some warehouse for a long time and still have the old software.
