Fun fact, there's *pacemakers* that have been hacked. Almost all modern pacemakers/defibrillators "phone home" to the hospital that installed them, for the purpose of monitoring that the device is still functioning properly and notifying the patient if something isn't quite right anymore (or, in the case of a defibrillator, logging when it activates so both the hospital and the patient can track when the device acts to keep them alive). At some point in 2017, a hacker found out that he could "intercept" the data being sent out and access both the sensitive medical data and the current GPS coordinates of the device. Potentially even worse was a specific pacemaker (which was very swiftly recalled) that you could remotely deactivate or cause to send test-shocks, thereby potentially causing a heart-attack in the patient, via a specially crafted SMS.
In most all other cases you don't, as other companies weren't colossally dumb enough to store that information directly on their device. And then to add insult to injury by giving said device WiFi capability and the ability to phone home to the company. And the icing on the shit cake that Neural DSP baked? They didn't encrypt a stich of it....... Nah, this isn't a digital vs. analogue issue, this isn't a guitar pedal issue, this is a Neural DSP issue.
Yeah, create a separate Wifi network for Internet of Things devices (which this would fall under). And make real passwords for your wifi, not your address, birthdays, etc.
@@Scott__C I think you missed my point. Yeah, take precautions with IoT devices. But you know what's even easier? A guitar pedal that doesn't support any kind of network access at all. Instead of defending against the attack vector, eliminate it entirely. I guarantee you that I am 100% rock-solid safe from attacks via a Boss CH-1...
Apple and other computer companies actually have a bounty system for people that find this kind of issue and fix it ASAP. For Neural DSP to ignore it is REALLY REALLY bad.
They did not ignore it. You’re joking if you think you’re not giving out your info everytime you’re on ur computer or cell. Every website is a challenge and risk. Wake up. Neural gave out emails big deal.
@Kcussrebutuemos You're joking if you think that not encrypting the information contained in these systems is anything other than lacklustre and shoddy.
Your cell does it everyday. It’s not an amp. It was weeks ago. Fixed. Nothing happened. Like what T-Mobile did to us giving out our Social Security number to thieves every single one of us. That means someone can steal our identity that’s a big deal. You have to do a lot to protect your identity after that happens it takes days this was nothing. Nothing happened yes they should’ve encrypted your email and Wi-Fi password so if somebody comes in to your house to ask for your Wi-Fi password tell them no. Every single time you go on the cell phone you’re giving out information about yourself. TikTok has been removed already from one state in the US you are giving your information to China. There are thieves all over your cell phone in every website and app you can look up which apps to stay off of. My dude.
Near enough every company demands a wealth of personal information before having the grace to allow you to use (under license) the software you've paid for. We've been so enamoured by technology and what it can offer, we have rolled over and given in to these demands just to get our hands upon it. Even something like loosing a phone which would of been a sickener at any time, now could have massive implications. The only way of effecting change would be a point blank refusal to play the game as such until this system changes, but unfortunately this will never happen. Another interesting article KDH thanks.
This is inexcusable. Security is a must in this digital age. Places spend millions hardening their systems these days. You are correct though. The Hacks could have been so much worse. I wonder if someone was hacked, and for example lost money from their bank account ,and it was tracked back to NDSP if they would be liable for it being that they knew MONTHS ago. They should have issued a hot fix for it the second they knew about it.
As breaches go, this is pretty minor - it's names, email addresses and WiFi passwords. Yes, shouldn't happen but it's nothing like as scary as being portrayed nor does it pose a real threat. Access to my WiFi does not grant access to my bank account, no matter how sophisticated the hacker. My email address contains my name and has already been leaked in hundreds of other leaks. I get many fishing emails a day. Shouldn't happen but it's a total nothing burger.
I am a development lead for 2 software teams for an international telecommunications company. We often get complains about the effort we make, yep, even to make 'things' secure. What I hear here is just unprofessional. Or naive. Or a mixture of both. Then again, stupid things do happen. So... I hope someone over there wakes up.
I was so excited to go get the QC. I have been debating that or the helix for the longest time. Good thing I saw this because now it’s not even a decision anymore
Yes get the crappy helix it’s awful. Over a WiFi password that may that’s Jay have gotten out. They can’t do anything with it. But til tok has your info and every other app you’ve been on.
Upvote this, let it get around. Trust is earned. Neural DSP has unearned it before they were able to earn it. Nice work! One less company's products I'll pay any attention to.
So you're going to ignore a great product despite the fact the issue is fixed? Something tells me you own a rival product and just want to have a good dig like apple fan girls slag off Android phones
@@neildeakin4454 it wasn't an accident. Stealing people's data is what scumbags do these days. I'm sure they got funding to build the product by the endorsers. Neural is a new company, track records matter. And I guarantee it was intentional.
With that mentality don’t use any tech that’s out in the world. Literally every major company and below have been hacked and have had your information exposed.
@@brianjones8432 are you sure? as someone who works in tech, everything digital is doing shady stuff and vulnerabilities ALWAYS exist, they just haven't been discovered.
I'm a Computer Science student right now, and while I haven't learned how to encrypt data yet, I'm legit terrified. I've been using their plugins now for years, and have told a lot of good things about them to my friends. Hearing that they didn't encrypt their data, send major red flags. It legitmately could cost them my future business because they choose to not encrypt their data. This is literally Cyberscurity 101.
Network security operator here: You don't have to encrypt ALL your data, but goddamn you should store your data securely. That does include ENCRYPTING YOUR OWN FUCKING PASSWORD or finding another way to send info to your servers.
@@kennylongnose4001 Then that would almost be worse. You're talking about passwords (that should absolutely be encrypted) to multiple user accounts and official company accounts. And that's been available to a hacker on a whim since 2021. That's just an insane level of incompetence and lack of care for your customer.
@kennylongnose4001 Keeping Customer data safe should be their #1 priority. They shouldn't purposely not fix the issue because maybe "hackers won't be interested"
Oof I think this qualifies as a pretty serious GDPR violation, considering they were notified months ago and didn't release a report until now. I wonder if the EU will come for them on that front
I am afraid, EU is too busy with bigger players and GDPR violations of wider ranges, affecting millions of customers, not just some thousands. So, NDSP may feel relaxed about this (for now) but their reputation as vendor and technology driver is in free fall and those who work for this company (potentially) may face issues as well in future if these try to apply for jobs of companies who take more care about security and privacy of end customers. A technically experienced recruiter could use this easily for interesting questions. This is serious and nobody can hide behind a policy of an (ex-)employer.
I hear you man. Theres always someone to say what about servicing/repair headaches over the years but thats just called looking after your kit. You dont mind that over software hassle, computers, things becoming outdated and devalued by newer versions etc.
"Neural DSP is committed to providing the most safe and secure experience for our customers, we implement state of the art clear text technologies to ensure user data is ubiquitous to the outside world"
@@f0rth3l0v30fchr15t Hack into my Fractal...... Good luck, there's no user data stored there. As I've said many times in other threads here, this is a Neural DSP design problem, not a tube vs. digital problem.
Or had they been smart, like say Fractal did with their products, they just wouldn't store that information on the unit. This isn't a tube vs. digital thing, it's a design issue.
Turn them off. Wait for 10 seconds then turn them on again while putting one finger in your right ear and singing "The Star Spangled Banner". This will reset the chipset and ensure that your data is properly secured. This is for the Fender obviously. For the Marshall you need to put a finger in your LEFT ear and sing "God Save the King"
I heard about a company that got hacked and lost millions, by using a wifi connected coffee machine. ANYTHING with wifi, that doesn't have anti virus software, IS a backdoor. If Neural is guilty is are MANY companies. Printers are notoriously easy to use as a backdoor because they're now about ALL connected to wifi. Maybe Neural is not taking it very seriously, and they SHOULD, but from the very start of getting one I though "oh, this has wifi, I should keep this unconnected because I'm sure it has no anti virus software, and remember the coffee machine incident." Basic internet security. My question now, is: When you tether your QC to the internet using your computer instead of wifi, is it still vulnerable? Or is it safe because it's coming through your computer with antivirus software? And when are they finally going to put anti virus software in place? That I would like to know.
@@chiefpotpipe Yeah they do! Really underrated clean tone that is a great pedal platform, and the overdrive channel is also really good. Plus, they're loud as fuck lol
That is a monumental fuck up. I’m going to stay clear of all neural dsp products and plugins for good. The attitude of that company is someting else. They have some neck.
Sounds like the customer's wifi passwords were always sent to Neural DSP when they sent a crash log? That alone is a HUGE privacy issue. Even if that data had never been accessible by anyone outside of Neural DSP, the company should not collect customer data as sensible as this. Also having an email password hard-coded and basically accessible by anyone... Seems like they didn't have the slightest clue about security best practices and just chose to ignore that.
Not starting to tackle this issue when first notified about it is like letting a crack in the dam get bigger and bigger until you see some water leaking through it. Wtf Neural.
These days most organisations have a responsible disclosure policy in place. This means that hackers/scriptkiddies can formally report any vulnerability they find and often get rewarded for it. The fact that Neural hasn't shown the slightest bit of appreciation for these hackers that tried to help them(for free) is concerning.
He’s about 2? Weeks Kate and he knows it’s not a big deal. Change your WiFi password if that. It was fixed weeks ago and he’s just finding out about it now but doesn’t mention any other breaches that are done on the daily on every app you go on like TikTok today it was banned in Wyoming Facebook has done this and other apps, I’m not gonna keep repeating myself you have to give him more information out than you realize, every time you go on some random website you’re risking giving out your information they already have a lot of your info T-Mobile has already given out all our Social Security numbers to somebody who gave them out to the dark web. Do you know what we had to go through with that was freezing credit, etc. wake up. Geez.
Excellent reporting, one of your best. I think, for the most part you really captured the heart of the issue. I am perhaps a bit more charitable with Neural than you. I have been doing computer security for a lot of years and I have seen this kind of thing over and over. Bad security is far more common than good security. I would really like to see Neural come out with specifics on what they are going to do to prevent this in the future. They definitely need to rebuild trust.
I work in the same field, and it's pretty rare to see this level of incompetence. Not even encrypting personal user data on the device (programming 101)? That means it went through an entire dev team, their management, and mind you this is through an entire design and production cycle, and no one caught this or thought it was important on the device? And to make it worse, it's been out in the world completely unaddressed for 2 years even after the company has been explicitly warned. That's just clown world stupidity across the board and companywide.
@@raymondforbes4295 Oh I know, I've visited my share of NOC's in my time and seen horrendous practices, but this is a bit different. This went through it's entire development cycle (years) and they didn't even design with the security in mind, much less catch that mistake somewhere along the way. Hilarious part being that it's flat out bad design anyway. Why would you have the unit store this information at all? Why would you use WiFi as your chosen connection method rather than BT or USB for the editor and firmware updates? The unit shouldn't ever have to contact Neural DSP. Just crazy stuff man.
@@brianjones8432 I mean, they had the password for their gmail account just plain text on the device. heh. It is pretty clear there is nobody there really thinking about security. I did mail them a couple years ago asking if they were going to open up position focusing on security. I never got a response back.
This is very common and at least they’re being honest as to what happened and they fixed the problem weeks ago and again for the third time and by the way this is going on with you all the time you just don’t know it why do you think they just removed TikTok in one of the states in the US? T-Mobile gave out our Social Security number there was a giant breach. I didn’t hear this much about it as I did about the quad cortex which was not a really horrible thing change your Wi-Fi password if you’re that concerned. Meanwhile, we had to freeze our credit we had to put fraud alerts out we have to check every month to see what’s going on. Giving out a social security number by a company as big as T-Mobile. Where’s the anger for them?!! I was infuriated with T-Mobile you don’t think that they would know better they’re a huge company. This is going on all the time every time you take a chance and go on some random website it could happen. Yes they should’ve known better well now they do. I still don’t think anything was stolen from them. I already had a talk with them. I think they feel pretty confident that things are OK update their latest update which you should’ve got another notification. There were 2. One fixed that security issue and one fixed another simple issue.
How’s about doing everything possible to deeply evaluate your attitude and priorities with respect customer data security? Seems like that’s where you need to start rather than with your systems and the Quad Cortex itself. Get your attitude right and you’re more likely to get your systems right 🤷🏼♂️
This is just crazy. Who the hell doesn't encrypt that kind of data?? Sensitive user data or connection creds from the company itself?? That's programming 101 to secure that stuff. Between this and all the other issues why would anyone still own one of these things. The company is literally screaming "I could care less about your privacy or features" at this point. Again, so happy I'm not a Quad Cortex owner. Never had any issues like this with Fractal.
Do you work as a programmer? Companies are completely reckless with security and user data, they don't care until they get bad PR from a leak. I would have hoped that a smaller company like Neural DSP would have been better though.
@@pigbenis274 No, I've worked in support of large teams of programmers. I'm on the server support and NOC security side. And from what I can tell it's amateur hour at Neural DSP. Saying "all companies do this" tells me you just don't know what you're talking about. Anyone who left security breaches this basic open on any job I've been involved with would be crucified. This is some of the most basic security you provide in software (securing email connections, ODBC connections, private user data). Every stitch of that should be encrypted. This also tells me it got past their QC, which means not only was their source coding team ridiculously stupid, management for their entire programming division and product development were idiots as well. These are rookie mistakes.
@@stallionstudios Yep, pretty much. I mean it's just bad design anyway. They didn't have to ever have the unit contact Neural at all. Nor did they need to use WIFI. Fractal just connects to the computer for the editor and firmware and stores no user data at all. Can't speak to Kemper and others but I would suspect it's the same. This is just complete incompetence in design of the damn thing.🙄
I'd be mad if this didn't happen with literally every company that's ever had access to my data. Definitely something they need to never have happen again, but I'm not surprised it took more public pressure for them to actually get to it. Truly unfortunate but still the best out on the market right now
This doesn't happen with every other company that has access to your data. That's a made up idea to make this not seem so bad. This is both lazy and shoddy work.
@@PaulLembo I mean it happens with a VAST majority of them, much bigger companies than you'd expect too. Denying so is just odd. It's 100% lazy and shoddy but nothing that surprises me one bit considering how small they are in comparison to companies that still have similar issues. I think it being locked behind the skill gap of mainly being used by skilled musicians and the paywall of $1800+ saved everyone from getting their identity stolen out of this by some "bad hacker"
Those good guys you're talking about, they're called "White Hats." Hackers that look for security vulnerabilities (because it's fun for them, usually) and when they find something, they report it to someone who should be able to notify someone who is responsible for fixing it. Typically, if there's a vulnerability in something, you typically want a White Hat to find it first, since by definition, they're not looking to abuse it.
Other than being more expensive, how exactly is this unit better than the NUX MG-300? The NUX already has a desktop editor, and it had one years ago. It's also nearly twenty times cheaper than the Quad Cortex. And it doesn't have similar security issues.
@@castleanthrax1833 the nux doesn't have profiling which is like... One of the biggest features of the QC and why it was hyped up as much as it was. Again - stupid comparison and the nux is just not a contender.
This why I've predominantly returned to amps and analog equipment, I foresaw this being an issue 10-15 years ago when modeling units began to have early forms of internet connectivity. Also, the stack of useless units in my closet due to device power issues, software issues, awful dated tones, irreparable damage.. the amount of money I spent on that gear for the return it gave me is pretty depressing. My amps and pedals? I plug them in and play, and they sound the same as they did twenty years ago.
Man, this unit hasn’t had a good slog of it has it? First it had a delayed launch which limited its market share considerably, overpromised features at launch that still haven’t been implemented and the features that are there have their abilities exceeded by competitors, a price only the affluent can part with and now a major security breach which had the potential for massive fraud and even identity theft. GG, that’s just impressive.
Considering all of these security flaws, it’s a wonder no one can crack the DRM on Neural’s software. They have that stuff on lock (good) but somehow QC was borked? I’m really glad I waited a year or so before I pulled the trigger on a multi.
LMAO at the QC fanboys saying this was a "Kemper Killer", yada yada yada. Neural dug their own grave. Others have jumped ship to the Tonex...and Kemper is still getting updates and new features.
The longer this goes on, the more I'm convinced Neural DSP is basically just a bunch of cargo cult programmers and terribly ineffectual management, in constant panic/rush mode. And as someone said below: the GDPR implications of this are going to bite Neural DSP VERY hard, GDPR is 100% unforgiving. That's a 10million euro fine minimum.
We should find out soon. I can only imagine these are being torn apart now. I mean as far as high value targets go, professional recording studios would be up there.
5:05 That’s not true at all though? Sniffing network traffic wouldn’t work with everything using https, and computers dont usually have open ports allowing free access either.
Ugh not surprised, if they spent as much time on actual things like this rather than moderating their social media posts I guess this wouldn’t happen. Try and post on their Facebook group about a genuine question and it never gets approved 🤷♂️
To your point, this is a software based company. Showing a login/password for their crash log repository (which is gmail and not even their own domain) and storing user networks and passwords in plain text. Wow. Not sure what else to say. And people expect these guys to deliver firmware updates someday that still don’t have functionality they’ve promised for years? Really?
I have been saying that this type of breach could and would happen for three plus years to one of these companies!!! I even contacted them and it fell on deaf ears. I even approached a tech investor to create a product to prevent this problem from happening! BTW, all these companies with rig sharing forums, what would happen if these executable files contained malware or malicious code and it gets into your computer or “rig” manager, will antivirus software prevent it from infecting your computer or worse yet your digital amplifier?😢
Wait...They used `curl -k` to load a firmware? The flag that says `INSECURE` in the curl manual? With a paragraph `WARNING: using this option makes the transfer insecure.`. I don't even know where to begin...m(
This is a different aspect though, and unrelated to customer data leaking here. This would help you trick the QC into loading a custom firmware from your own server, which would enable the whole OpenCortex thing to happen (homebrew is arguably a good thing..) But of course in theory if you were in control of the network the QC was connected to, then you could potentially serve it a malicious firmware that does stuff like prompt for credit card details on screen and other random crap
The real sin here is to use subprocess to spawn curl out of Python when Python is perfectly capable of natively handling HTTP downloads, monitor them, recover from errors… If they knew what they were doing, they wouldn't need such a kludge to mitigate TLS certificates issues that can sometimes pop up (Incorrect date/time on the device, device with outdated certificates…). Also: signing firmwares, anyone?
Neural DSP seems like money grubbing company that doesn't care about its users. Lots of promises and not much delivery. They're basically a marketing company now repackaging the same tech over and over and spinning it to their customer with a different artist's name on top it.
Call me naive (or just old), but why does an amp modeller need to connect to the internet? Isn't that a little like connecting your toothbrush to the internet?
The sooner organisations adopt this policy the better. It's not a matter of 'if you get hacked', but 'when you get hacked'. Having a solid mitigation policy for this eventuality is basically mandatory.
@@kcussrebutuemos4815 That excuse doesn't work. This was a design flaw from the jump. The data never needed to be on the device at all. And this went through design, development, and two years of production before they even addressed it (even after repeated warnings). Most software companies are wise enough to know that if you don't address an issue like this immediately your reputation is in the toilet, and most software companies also tend to hire programmers who are well aware of the most basic rules of writing code. This was a violation of even the most basic software design practices. User data, secure connections such as email or ODBC connection, or any data going from the unit to the company at all should absolutely be encrypted. This would be the equivalent of RUclips or Facebook not employing HTTPS. Or better yet, storing your passwords in plain text on their servers and handing hackers a backdoor to their network. You just don't do it.🙄
Anything "Digitial" can/will be hacked and guitar companies aren't cyber security firms and never will be. Never mind their planned and programmed obsolescence. Just when you though tube amps were obsolete....
NeuralDSP has been slacking pretty hard since 2020. I don't blame them because there was a fucking pandemic going on, and everyone lost sense of how to function on a day to day basis. I remember back in 2018 and 2019, when the Darkglass Suite, the Nameless Suite, the Plini and Nolly plugins first came out, NeuralDSP was really shaping up to be the leader in the niche of ITB guitar signal chain. Their ambition to break into the hardware market with QC was understandably ambitious, although in hindsight they definitely punched way above their weight - they did not have the logistics, human resources and manufacturing capacities to deliver QC, like how Line 6 delivered Helix or how Kemper delivered KPA. They still make good quality plugins, I'll give them that, but delaying the plugin updates, watering down/delaying QC features and now this...man, their future looks pretty shaky to me.
As long as they keep releasing archetypes they'll be fine because all guitar players have people they are complete fanboys for and you gotta buy one sooner or later 😂😂 they got me with the Abasi for example and STL got me with Andy James, I'm not buying any more though.
Best way to secure your personal information in cases like these are not being able to afford the unit.
So best thing to do is become woke so your broke? 😂
Way ahead of you 😂
Everytime you get on your cell phone you’re giving out info. Facebook, Instagram, Tik Tok and more plus random websites.
Marked safe.
Except in this day and age not being able to afford something doesn't stop people. That's what credit cards are for. That is the new heroin.
So glad that security vulnerabilities in *guitar pedals* is a thing we have to worry about now...
Guitar pedals, lightbulbs, fridges...
Fun fact, there's *pacemakers* that have been hacked.
Almost all modern pacemakers/defibrillators "phone home" to the hospital that installed them, for the purpose of monitoring that the device is still functioning properly and notifying the patient if something isn't quite right anymore (or, in the case of a defibrillator, logging when it activates so both the hospital and the patient can track when the device acts to keep them alive).
At some point in 2017, a hacker found out that he could "intercept" the data being sent out and access both the sensitive medical data and the current GPS coordinates of the device.
Potentially even worse was a specific pacemaker (which was very swiftly recalled) that you could remotely deactivate or cause to send test-shocks, thereby potentially causing a heart-attack in the patient, via a specially crafted SMS.
In most all other cases you don't, as other companies weren't colossally dumb enough to store that information directly on their device. And then to add insult to injury by giving said device WiFi capability and the ability to phone home to the company. And the icing on the shit cake that Neural DSP baked? They didn't encrypt a stich of it....... Nah, this isn't a digital vs. analogue issue, this isn't a guitar pedal issue, this is a Neural DSP issue.
Yeah, create a separate Wifi network for Internet of Things devices (which this would fall under). And make real passwords for your wifi, not your address, birthdays, etc.
@@Scott__C I think you missed my point. Yeah, take precautions with IoT devices. But you know what's even easier? A guitar pedal that doesn't support any kind of network access at all. Instead of defending against the attack vector, eliminate it entirely. I guarantee you that I am 100% rock-solid safe from attacks via a Boss CH-1...
12AX7s dont hold your credit card information. Just saying.
The only problem is they’re kind of tough to get now, thanks to sanctions.
Are you sure? 😅
Also, still running on a 1984 firmware update 🤘👍
The place you buy them from does....
Beat me to it.
Apple and other computer companies actually have a bounty system for people that find this kind of issue and fix it ASAP. For Neural DSP to ignore it is REALLY REALLY bad.
That's actually a very sound business practice. Providing a monetary incentive for people to act "honestly."
@@castleanthrax1833 They're not ignoring it?
@@DaveAksteter I'm not really sure what it is that you're asking me.
They did not ignore it. You’re joking if you think you’re not giving out your info everytime you’re on ur computer or cell. Every website is a challenge and risk. Wake up. Neural gave out emails big deal.
@Kcussrebutuemos You're joking if you think that not encrypting the information contained in these systems is anything other than lacklustre and shoddy.
Getting your identity stolen by a guitar amp is crazy 😂
Lolz
lol, soon you'll have to debate and convince them to start working. If it's having a bad day, you're out of luck my dude.
Your cell does it everyday. It’s not an amp. It was weeks ago. Fixed. Nothing happened. Like what T-Mobile did to us giving out our Social Security number to thieves every single one of us. That means someone can steal our identity that’s a big deal. You have to do a lot to protect your identity after that happens it takes days this was nothing. Nothing happened yes they should’ve encrypted your email and Wi-Fi password so if somebody comes in to your house to ask for your Wi-Fi password tell them no. Every single time you go on the cell phone you’re giving out information about yourself. TikTok has been removed already from one state in the US you are giving your information to China. There are thieves all over your cell phone in every website and app you can look up which apps to stay off of. My dude.
Near enough every company demands a wealth of personal information before having the grace to allow you to use (under license) the software you've paid for. We've been so enamoured by technology and what it can offer, we have rolled over and given in to these demands just to get our hands upon it. Even something like loosing a phone which would of been a sickener at any time, now could have massive implications. The only way of effecting change would be a point blank refusal to play the game as such until this system changes, but unfortunately this will never happen.
Another interesting article KDH thanks.
WOULD'VE been, yes.
As someone in charge of managing vulnerabilities and exploits in a commercial setting this is always terrifying.
My late 90s tube amp just guessed my mothers maiden name and first pet…
My late 90's tube Amp can fry eggs !
This is inexcusable. Security is a must in this digital age. Places spend millions hardening their systems these days. You are correct though. The Hacks could have been so much worse. I wonder if someone was hacked, and for example lost money from their bank account ,and it was tracked back to NDSP if they would be liable for it being that they knew MONTHS ago. They should have issued a hot fix for it the second they knew about it.
Absolutely nothing in the digital realm is secure.
Also…good to see you active on YT Lucas!
@@charlesrocks thank you.
As breaches go, this is pretty minor - it's names, email addresses and WiFi passwords. Yes, shouldn't happen but it's nothing like as scary as being portrayed nor does it pose a real threat. Access to my WiFi does not grant access to my bank account, no matter how sophisticated the hacker. My email address contains my name and has already been leaked in hundreds of other leaks. I get many fishing emails a day.
Shouldn't happen but it's a total nothing burger.
@@robinr22 exactly. Bigger breaches. But kdh gets views. I wish he’d try the quad.
I am a development lead for 2 software teams for an international telecommunications company. We often get complains about the effort we make, yep, even to make 'things' secure. What I hear here is just unprofessional. Or naive. Or a mixture of both. Then again, stupid things do happen. So... I hope someone over there wakes up.
I was so excited to go get the QC. I have been debating that or the helix for the longest time. Good thing I saw this because now it’s not even a decision anymore
Yes get the crappy helix it’s awful. Over a WiFi password that may that’s Jay have gotten out. They can’t do anything with it. But til tok has your info and every other app you’ve been on.
Get Kemper...liquid profiling is coming!
Upvote this, let it get around.
Trust is earned. Neural DSP has unearned it before they were able to earn it. Nice work! One less company's products I'll pay any attention to.
So you're going to ignore a great product despite the fact the issue is fixed? Something tells me you own a rival product and just want to have a good dig like apple fan girls slag off Android phones
@@neildeakin4454 Nice fan fiction, loser
@@neildeakin4454 it wasn't an accident. Stealing people's data is what scumbags do these days. I'm sure they got funding to build the product by the endorsers. Neural is a new company, track records matter. And I guarantee it was intentional.
Im sure they are absolutely shaking
With that mentality don’t use any tech that’s out in the world. Literally every major company and below have been hacked and have had your information exposed.
You know what problems I don't have with my analog equipment? Security vulnerabilities. LOL.
You know what problems I don't have with my Fractal equipment? Security vulnerabilities. And I don't have to lug around a boat anchor. :)
@@brianjones8432 are you sure? as someone who works in tech, everything digital is doing shady stuff and vulnerabilities ALWAYS exist, they just haven't been discovered.
@@shekador If you don't have to use wifi or connect an account, how much shady stuff can be done though?
@@AtomicMeatballGuitar good point, but what about firmware updates?
I'm a Computer Science student right now, and while I haven't learned how to encrypt data yet, I'm legit terrified. I've been using their plugins now for years, and have told a lot of good things about them to my friends. Hearing that they didn't encrypt their data, send major red flags. It legitmately could cost them my future business because they choose to not encrypt their data. This is literally Cyberscurity 101.
Network security operator here: You don't have to encrypt ALL your data, but goddamn you should store your data securely. That does include ENCRYPTING YOUR OWN FUCKING PASSWORD or finding another way to send info to your servers.
Maybe Neural DSP thinks their device is not of interest to hackers and the like, and plan to fix that when they do the bulk of the QC work?
@@kennylongnose4001 Talk about treading water.
@@kennylongnose4001 Then that would almost be worse. You're talking about passwords (that should absolutely be encrypted) to multiple user accounts and official company accounts. And that's been available to a hacker on a whim since 2021. That's just an insane level of incompetence and lack of care for your customer.
@kennylongnose4001 Keeping Customer data safe should be their #1 priority. They shouldn't purposely not fix the issue because maybe "hackers won't be interested"
Oof I think this qualifies as a pretty serious GDPR violation, considering they were notified months ago and didn't release a report until now. I wonder if the EU will come for them on that front
I am afraid, EU is too busy with bigger players and GDPR violations of wider ranges, affecting millions of customers, not just some thousands.
So, NDSP may feel relaxed about this (for now) but their reputation as vendor and technology driver is in free fall and those who work for this company (potentially) may face issues as well in future if these try to apply for jobs of companies who take more care about security and privacy of end customers.
A technically experienced recruiter could use this easily for interesting questions.
This is serious and nobody can hide behind a policy of an (ex-)employer.
I've been working in IT for 30 years and this is disgustingly bad technology. They should be ashamed of themselves.
I used this information to access Dave Mustaine's quad cortex. It snarled at me, then kicked my ass.
I'm going stick to analog gear, I don't need this headache.
No headache with Line 6 Helix over here😅
Analog stomp boxes are superior And are not tacky
@@jerrymartinez2160 idk man some of those paint jobs are super gaudy
You already have this headache. Every free service on the internet takes your data, and there are constant leaks. You're never safe.
I hear you man. Theres always someone to say what about servicing/repair headaches over the years but thats just called looking after your kit. You dont mind that over software hassle, computers, things becoming outdated and devalued by newer versions etc.
Good thing I don't have to worry about security breaches with my 6534+.
remember about the TSA 'no fly' list was leaked after being found on unsecured airline server?
one would hope they would audit security
"Neural DSP is committed to providing the most safe and secure experience for our customers, we implement state of the art clear text technologies to ensure user data is ubiquitous to the outside world"
😂😂😂
So, what you're telling me is that my valve amps are way more secure than digital modellers.
no, only than quadcortex
@@MrBurakOzel Go on, then. Hack into my DSL100.
If you tell me where you live, I'll bring around an axe and hack into anything you like.😮
@@f0rth3l0v30fchr15t Hack into my Fractal...... Good luck, there's no user data stored there. As I've said many times in other threads here, this is a Neural DSP design problem, not a tube vs. digital problem.
@@brianjones8432 Just because there's no user data doesn't mean it can't be hacked. Just means the only reason to do it is spite.
Back in olden times, we used to worry about a preamp tube going out, now we worry about a digital processor leaking our personal information,
I just had a leak before watching this video
always amazed by how well-researched and cleaely presented your videos are
Boy I sure do worry that Marshall and Fender never put into place any encryption on my vintage tube amps! What am I gonna do????
Or had they been smart, like say Fractal did with their products, they just wouldn't store that information on the unit. This isn't a tube vs. digital thing, it's a design issue.
Turn them off. Wait for 10 seconds then turn them on again while putting one finger in your right ear and singing "The Star Spangled Banner". This will reset the chipset and ensure that your data is properly secured.
This is for the Fender obviously. For the Marshall you need to put a finger in your LEFT ear and sing "God Save the King"
@@jonniegibbins Or 'God Save my Tubes'...... Either might work. :)
Get them, KDH!🤘
Just another reason I'm glad I chose the Helix Floor!
I heard about a company that got hacked and lost millions, by using a wifi connected coffee machine. ANYTHING with wifi, that doesn't have anti virus software, IS a backdoor. If Neural is guilty is are MANY companies. Printers are notoriously easy to use as a backdoor because they're now about ALL connected to wifi. Maybe Neural is not taking it very seriously, and they SHOULD, but from the very start of getting one I though "oh, this has wifi, I should keep this unconnected because I'm sure it has no anti virus software, and remember the coffee machine incident." Basic internet security. My question now, is: When you tether your QC to the internet using your computer instead of wifi, is it still vulnerable? Or is it safe because it's coming through your computer with antivirus software? And when are they finally going to put anti virus software in place? That I would like to know.
LMAO just more reason for me to stick with my old 5150 and Peavey Bandit. Keep chasing that dragon, kids.
Bandits kick ass!
@@chiefpotpipe Yeah they do! Really underrated clean tone that is a great pedal platform, and the overdrive channel is also really good. Plus, they're loud as fuck lol
That is a monumental fuck up. I’m going to stay clear of all neural dsp products and plugins for good. The attitude of that company is someting else. They have some neck.
“Public Pressure” 😂😂😂 f’IN Hell.
every week i get mail from every service ive used in the past 15 years that "my data may be at risk" from a security breach.
I'm pretty sure this is a huge breach of GDPR, they could be in some trouble for this
They will be, fines for GDPR breaches are huge.
😂who will hold them accountable !?
@@AuntAlnico4 The EU, since it´s EU law. Since they do business in the EU, they have to abide by EU law.
@@Kynos1 the eu is super strict with this shit too
@PugnaciousBadger so the EU will hold court in EU according to EU laws in a jury of ppl from the EU because neural dsp operates within the EU?
Bueller? Bueller? Love it. 😂
i don’t know much about tech, but even i know all information should be encrypted. can’t believe a company did this.
Man, this sucks!! Neural DSP has to boot someone over this. Basic 101 security protocols ignored. Wow
Sounds like the customer's wifi passwords were always sent to Neural DSP when they sent a crash log? That alone is a HUGE privacy issue. Even if that data had never been accessible by anyone outside of Neural DSP, the company should not collect customer data as sensible as this. Also having an email password hard-coded and basically accessible by anyone...
Seems like they didn't have the slightest clue about security best practices and just chose to ignore that.
Or they just collect everything like everyone else !?
Not starting to tackle this issue when first notified about it is like letting a crack in the dam get bigger and bigger until you see some water leaking through it. Wtf Neural.
These days most organisations have a responsible disclosure policy in place. This means that hackers/scriptkiddies can formally report any vulnerability they find and often get rewarded for it. The fact that Neural hasn't shown the slightest bit of appreciation for these hackers that tried to help them(for free) is concerning.
A good preamp pedal, an eq pedal and a seymour Duncan powerstage. Minimal, lightweight and versatile analogue travel rig.
Can’t believe people throw money at companies like this 😂 😅 🤷🏻♂️👍🏻
Also as a dev for systems that handle very secure data my guess is management said “why do we care about security?!”
Makes me happy that I saved a grand and picked up a FM3 instead of the QC
Holy hell. This is absolutely inexcusable for a company like that. Thank you for this info and update Kallen.
He’s about 2? Weeks Kate and he knows it’s not a big deal. Change your WiFi password if that. It was fixed weeks ago and he’s just finding out about it now but doesn’t mention any other breaches that are done on the daily on every app you go on like TikTok today it was banned in Wyoming Facebook has done this and other apps, I’m not gonna keep repeating myself you have to give him more information out than you realize, every time you go on some random website you’re risking giving out your information they already have a lot of your info T-Mobile has already given out all our Social Security numbers to somebody who gave them out to the dark web. Do you know what we had to go through with that was freezing credit, etc. wake up. Geez.
Excellent reporting, one of your best. I think, for the most part you really captured the heart of the issue. I am perhaps a bit more charitable with Neural than you. I have been doing computer security for a lot of years and I have seen this kind of thing over and over. Bad security is far more common than good security. I would really like to see Neural come out with specifics on what they are going to do to prevent this in the future. They definitely need to rebuild trust.
I work in the same field, and it's pretty rare to see this level of incompetence. Not even encrypting personal user data on the device (programming 101)? That means it went through an entire dev team, their management, and mind you this is through an entire design and production cycle, and no one caught this or thought it was important on the device? And to make it worse, it's been out in the world completely unaddressed for 2 years even after the company has been explicitly warned. That's just clown world stupidity across the board and companywide.
@@brianjones8432 you think this is bad you should see the what I have found in medical devices. ;-)
@@raymondforbes4295 Oh I know, I've visited my share of NOC's in my time and seen horrendous practices, but this is a bit different. This went through it's entire development cycle (years) and they didn't even design with the security in mind, much less catch that mistake somewhere along the way. Hilarious part being that it's flat out bad design anyway. Why would you have the unit store this information at all? Why would you use WiFi as your chosen connection method rather than BT or USB for the editor and firmware updates? The unit shouldn't ever have to contact Neural DSP. Just crazy stuff man.
@@brianjones8432 I mean, they had the password for their gmail account just plain text on the device. heh. It is pretty clear there is nobody there really thinking about security. I did mail them a couple years ago asking if they were going to open up position focusing on security. I never got a response back.
This is very common and at least they’re being honest as to what happened and they fixed the problem weeks ago and again for the third time and by the way this is going on with you all the time you just don’t know it why do you think they just removed TikTok in one of the states in the US? T-Mobile gave out our Social Security number there was a giant breach. I didn’t hear this much about it as I did about the quad cortex which was not a really horrible thing change your Wi-Fi password if you’re that concerned. Meanwhile, we had to freeze our credit we had to put fraud alerts out we have to check every month to see what’s going on. Giving out a social security number by a company as big as T-Mobile. Where’s the anger for them?!! I was infuriated with T-Mobile you don’t think that they would know better they’re a huge company. This is going on all the time every time you take a chance and go on some random website it could happen. Yes they should’ve known better well now they do. I still don’t think anything was stolen from them. I already had a talk with them. I think they feel pretty confident that things are OK update their latest update which you should’ve got another notification. There were 2. One fixed that security issue and one fixed another simple issue.
Just get a Kemper. 10 years later still getting awesome updates.
Yeah like getting basic features like USB audio, awesome!
@@KingKong-mp6gj USB audio isn't really a basic feature. In the synth world the vast majority of synths do not support audio over USB still
@@KingKong-mp6gj That is for home users not pros.. just saying.
@@KingKong-mp6gj liquid profiling is coming, you ape!
I was considering buying this unit. Nope this turned me off. Kemper it is. Thanks for reporting this.
How’s about doing everything possible to deeply evaluate your attitude and priorities with respect customer data security? Seems like that’s where you need to start rather than with your systems and the Quad Cortex itself. Get your attitude right and you’re more likely to get your systems right 🤷🏼♂️
Nice, i'm gonna buy a Fractal!
This is just crazy. Who the hell doesn't encrypt that kind of data?? Sensitive user data or connection creds from the company itself?? That's programming 101 to secure that stuff. Between this and all the other issues why would anyone still own one of these things. The company is literally screaming "I could care less about your privacy or features" at this point. Again, so happy I'm not a Quad Cortex owner. Never had any issues like this with Fractal.
Do you work as a programmer? Companies are completely reckless with security and user data, they don't care until they get bad PR from a leak. I would have hoped that a smaller company like Neural DSP would have been better though.
@@pigbenis274 This isn't rocket science, they blatantly ignored some pretty basic security and privacy measures.
@@pigbenis274 No, I've worked in support of large teams of programmers. I'm on the server support and NOC security side. And from what I can tell it's amateur hour at Neural DSP. Saying "all companies do this" tells me you just don't know what you're talking about. Anyone who left security breaches this basic open on any job I've been involved with would be crucified. This is some of the most basic security you provide in software (securing email connections, ODBC connections, private user data). Every stitch of that should be encrypted. This also tells me it got past their QC, which means not only was their source coding team ridiculously stupid, management for their entire programming division and product development were idiots as well. These are rookie mistakes.
Amateurs
@@stallionstudios Yep, pretty much. I mean it's just bad design anyway. They didn't have to ever have the unit contact Neural at all. Nor did they need to use WIFI. Fractal just connects to the computer for the editor and firmware and stores no user data at all. Can't speak to Kemper and others but I would suspect it's the same. This is just complete incompetence in design of the damn thing.🙄
Get Kemper...liquid profiling is coming! Also, ecosystem....is better....Kemper Kone/Cabinet does FRFR + cab in the room.
I had always thought about ditching my helix and getting a quad cortex cos its a little smaller footprint. Glad I didn't
I'd be mad if this didn't happen with literally every company that's ever had access to my data. Definitely something they need to never have happen again, but I'm not surprised it took more public pressure for them to actually get to it. Truly unfortunate but still the best out on the market right now
This doesn't happen with every other company that has access to your data. That's a made up idea to make this not seem so bad. This is both lazy and shoddy work.
@@PaulLembo I mean it happens with a VAST majority of them, much bigger companies than you'd expect too. Denying so is just odd. It's 100% lazy and shoddy but nothing that surprises me one bit considering how small they are in comparison to companies that still have similar issues. I think it being locked behind the skill gap of mainly being used by skilled musicians and the paywall of $1800+ saved everyone from getting their identity stolen out of this by some "bad hacker"
Sooo glad I went Fractal
Those good guys you're talking about, they're called "White Hats." Hackers that look for security vulnerabilities (because it's fun for them, usually) and when they find something, they report it to someone who should be able to notify someone who is responsible for fixing it.
Typically, if there's a vulnerability in something, you typically want a White Hat to find it first, since by definition, they're not looking to abuse it.
Jeesus F christ.... Thanks KDH for this video! I'll be sure to think twice before buying any more Neural products.
Other than being more expensive, how exactly is this unit better than the NUX MG-300? The NUX already has a desktop editor, and it had one years ago. It's also nearly twenty times cheaper than the Quad Cortex. And it doesn't have similar security issues.
I have one of those. NuX makes some pretty good stuff. 🎉
I'm not a big fan of NDSP but this is just a stupid comparison
@bleh That's the way, mate. Your critical thinking skills are amazing.
@@castleanthrax1833 the nux doesn't have profiling which is like... One of the biggest features of the QC and why it was hyped up as much as it was. Again - stupid comparison and the nux is just not a contender.
@bleh I didn't say it was, but just say a comparison is stupid without offering any reason why it is stupid isn't contributing anything.
This why I've predominantly returned to amps and analog equipment, I foresaw this being an issue 10-15 years ago when modeling units began to have early forms of internet connectivity. Also, the stack of useless units in my closet due to device power issues, software issues, awful dated tones, irreparable damage.. the amount of money I spent on that gear for the return it gave me is pretty depressing. My amps and pedals? I plug them in and play, and they sound the same as they did twenty years ago.
They're more fun too. 🎉🎉🎉
Man, this unit hasn’t had a good slog of it has it? First it had a delayed launch which limited its market share considerably, overpromised features at launch that still haven’t been implemented and the features that are there have their abilities exceeded by competitors, a price only the affluent can part with and now a major security breach which had the potential for massive fraud and even identity theft. GG, that’s just impressive.
Considering all of these security flaws, it’s a wonder no one can crack the DRM on Neural’s software. They have that stuff on lock (good) but somehow QC was borked? I’m really glad I waited a year or so before I pulled the trigger on a multi.
@@handicappedhoods What? Lots of pirated stuff out there. I do own Imperial MKII and Cory Wong archetype. But they can easily be cracked.
LMAO at the QC fanboys saying this was a "Kemper Killer", yada yada yada. Neural dug their own grave. Others have jumped ship to the Tonex...and Kemper is still getting updates and new features.
My Mesa Boogie doesn’t have this problem. 🤣👌
The longer this goes on, the more I'm convinced Neural DSP is basically just a bunch of cargo cult programmers and terribly ineffectual management, in constant panic/rush mode. And as someone said below: the GDPR implications of this are going to bite Neural DSP VERY hard, GDPR is 100% unforgiving. That's a 10million euro fine minimum.
Neural's company bank account PIN is probably 1234.
That's why I use a Princeton.
Sounds to me like they changed the password for the Gmail account! Problem solved! Presumably, version 2.0.2 contains the updated password?
We should find out soon. I can only imagine these are being torn apart now. I mean as far as high value targets go, professional recording studios would be up there.
5:05
That’s not true at all though? Sniffing network traffic wouldn’t work with everything using https, and computers dont usually have open ports allowing free access either.
My tube amps need no login/wifi/reports and other bs - thx so much KDH
My Marshall tube amp never tried to hack me 😉😆
I'm starting to look at my old Boss GT-8 very fondly right about now.
Since the Sony PSN breach this kind of negligence is unacceptable. Neural needs to get their stuff together.
My tube amp will never sell me out 🤷🏻♂️
The place you bought it from will....
@@algorithm007ify
Unless you paid in cash.
"the cloud"... screw the cloud!! If you can, leave everything on physical storage!
Ugh not surprised, if they spent as much time on actual things like this rather than moderating their social media posts I guess this wouldn’t happen. Try and post on their Facebook group about a genuine question and it never gets approved 🤷♂️
To your point, this is a software based company. Showing a login/password for their crash log repository (which is gmail and not even their own domain) and storing user networks and passwords in plain text. Wow. Not sure what else to say. And people expect these guys to deliver firmware updates someday that still don’t have functionality they’ve promised for years? Really?
Am I the only person looking at all of their analog gear and smiling?
Okay but what information is anyone getting from your quad cortex out at a gig?
I have been saying that this type of breach could and would happen for three plus years to one of these companies!!!
I even contacted them and it fell on deaf ears.
I even approached a tech investor to create a product to prevent this problem from happening!
BTW, all these companies with rig sharing forums, what would happen if these executable files contained malware or malicious code and it gets into your computer or “rig” manager, will antivirus software prevent it from infecting your computer or worse yet your digital amplifier?😢
They should have publicly thanked the hackers.
Hard coded gmail password?! Lmao! Who the hell did they hire as developers for this thing?
Neural DSP is acting like they really can’t be bothered and want people to buy a ToneX.
Why the hell is any of this information in a guitar pedal that can't even connect to a computer yet?
This is why I'm happy I switched from plugins to good ol tube amps
My Marshalls or Peaveys never gave out my information, am I missing out?
Remember when digital gear was supposed to be more convenient than analog?
Yeah I'd say they're even now
Good, that I never bought into the hype... I always found the marketing for the QC and the entire product premise fishy.
Same thing going on with Tone-X right now, shilling and hype everywhere
@@Wagoo Yes. Tonex advertisement gets grating at this point. However, Tonex delivers what it promises and has no Wi-Fi…
Wait...They used `curl -k` to load a firmware? The flag that says `INSECURE` in the curl manual? With a paragraph `WARNING: using this option makes the transfer insecure.`. I don't even know where to begin...m(
This is a different aspect though, and unrelated to customer data leaking here. This would help you trick the QC into loading a custom firmware from your own server, which would enable the whole OpenCortex thing to happen (homebrew is arguably a good thing..)
But of course in theory if you were in control of the network the QC was connected to, then you could potentially serve it a malicious firmware that does stuff like prompt for credit card details on screen and other random crap
@@Wagoo Yeah, I think its a pretty good indicator where NeuralDSP should be ranked on the security and/or privacy landscape.
The real sin here is to use subprocess to spawn curl out of Python when Python is perfectly capable of natively handling HTTP downloads, monitor them, recover from errors… If they knew what they were doing, they wouldn't need such a kludge to mitigate TLS certificates issues that can sometimes pop up (Incorrect date/time on the device, device with outdated certificates…). Also: signing firmwares, anyone?
Neural DSP seems like money grubbing company that doesn't care about its users. Lots of promises and not much delivery. They're basically a marketing company now repackaging the same tech over and over and spinning it to their customer with a different artist's name on top it.
Another reason to keep using physical amps and effects pedals.
Call me naive (or just old), but why does an amp modeller need to connect to the internet?
Isn't that a little like connecting your toothbrush to the internet?
I hate customer data collection. I should be able to buy software and hardware without having to submit personal data.
this is the reason im not spending 2k on an unfinished product
5/5 they issued 6:34 update 2.0.2 to remedy.
Everything that connects to the internet is a new security risk
The sooner organisations adopt this policy the better. It's not a matter of 'if you get hacked', but 'when you get hacked'. Having a solid mitigation policy for this eventuality is basically mandatory.
Ooooh, that means they could hide behind my entrance door and use my wifi to browse the internet without my consent... man that's deeply concerning 🤣
Makes me wonder if owning one of their plugins exposes users in this same way. Makes me want to uninstall everything I own from them.
Maybe there's someone "out there" that's trying to find the answer to your query right now? I hope their intentions are on the altruistic side.
Your tik Tok? Your other apps? You’re concerned about the wrong thing.
@@kcussrebutuemos4815 That excuse doesn't work. This was a design flaw from the jump. The data never needed to be on the device at all. And this went through design, development, and two years of production before they even addressed it (even after repeated warnings). Most software companies are wise enough to know that if you don't address an issue like this immediately your reputation is in the toilet, and most software companies also tend to hire programmers who are well aware of the most basic rules of writing code. This was a violation of even the most basic software design practices. User data, secure connections such as email or ODBC connection, or any data going from the unit to the company at all should absolutely be encrypted. This would be the equivalent of RUclips or Facebook not employing HTTPS. Or better yet, storing your passwords in plain text on their servers and handing hackers a backdoor to their network. You just don't do it.🙄
I love this channel LOL
Anything "Digitial" can/will be hacked and guitar companies aren't cyber security firms and never will be. Never mind their planned and programmed obsolescence. Just when you though tube amps were obsolete....
Well, time for full acoustic only.
NeuralDSP has been slacking pretty hard since 2020. I don't blame them because there was a fucking pandemic going on, and everyone lost sense of how to function on a day to day basis.
I remember back in 2018 and 2019, when the Darkglass Suite, the Nameless Suite, the Plini and Nolly plugins first came out, NeuralDSP was really shaping up to be the leader in the niche of ITB guitar signal chain. Their ambition to break into the hardware market with QC was understandably ambitious, although in hindsight they definitely punched way above their weight - they did not have the logistics, human resources and manufacturing capacities to deliver QC, like how Line 6 delivered Helix or how Kemper delivered KPA.
They still make good quality plugins, I'll give them that, but delaying the plugin updates, watering down/delaying QC features and now this...man, their future looks pretty shaky to me.
As long as they keep releasing archetypes they'll be fine because all guitar players have people they are complete fanboys for and you gotta buy one sooner or later 😂😂
they got me with the Abasi for example and STL got me with Andy James, I'm not buying any more though.
Plus the endless samey plugins that are all standalone
Just glad my wifi password is nothing like any of my logins for other sites or services, but easily changed.