Fender's 'smart' guitar amp has no Bluetooth pairing controls

Bum note: you could Rickroll an artist live on stage

By John Leyden


Updated: Guitar amp manufacturer Fender's recently introduced Mustang GT 100 guitar amplifier can be made to play whatever audio an attacker fancies, security researchers have discovered.

The amp allows Bluetooth connections, but without pairing security. Anyone within range could therefore "stream arbitrary audio to it and hijack your amp output", security researcher Chris Pritchard of Pen Test Partners (PTP) reported.

The device - marketed towards gigging musicians - is trivially easy to hack, as a video put together by PTP demonstrates.

Anyone using the Mustang GT at a concert therefore ought to turn Bluetooth off - even though that removes the "smart" features that would have been the main reason for buying it in the first place.

The same amplifier is also vulnerable to more subtle hacks. For example, it's possible to interfere with its preset sound settings.

The presets feature allows users to wield a smartphone app that imbues the amp with presets that mimic famous guitarists' signature sounds. The app interacts with the amp over Bluetooth Low Energy (BLE) and does so separately to the Bluetooth audio input.

Permissions-based security is absent from the preset feature, meaning mischief-makers could push a new sound preset to the amp over BLE: a musician could expect to sound like Hendrix but instead come out sounding rather different. The same trick could be used to mute the amp by enabling a feature designed to be used only when musicians are tuning up their kit.

Security researchers at Pen Test Partners also put the Marshall Code 50 smart amp through its paces. Marshall’s machine has similar features to the Fender but with better security. "It relies on authentication to do anything, so it can’t be hijacked in the same way," PTP's Pritchard said.

The issues uncovered in Fender's amp are best described as features that are open to abuse rather than vulnerabilities that could leak data. They do, however, illustrate that vendors are adding smarts to all manner of technologies without also adding intelligent security controls.

"We don’t consider these to be vulnerabilities particularly, more abuse of features for unintended consequences," Pen Test Partners' Ken Munro told El Reg.

PTP reckons Fender could mitigate the issues it has uncovered by implementing some simple pairing security. "Even a button press on the amp to put it in pairing mode for a short period would be a step in the right direction," PTP concludes.

Fender is yet to respond to a request for comment from The Register. ®

Updated to add

A spokesman for Fender has finally been in touch to say the Bluetooth-related security issues "were addressed in an update to the amp a few months ago," although you need to install said update to benefit from it.

"Any new amps should now have the latest software, and as always we recommend that you update your amp to get the latest software, which includes fixes like this," he said. "The software can be easily updated via Wi-Fi, and only takes a few minutes, depending on your internet speed."
