Israeli Security firm Guardicore was able to reverse engineer the new firmware update process for Comcast’s XR11 remote in such a way that turns its voice operated control into a bug to listen in on a user.
The company released a paper today about how it uncovered the security breach which could turn your remote into a listening device. What’s that they say about paranoids? Just because someone is paranoid does not mean that they are not really being watched by someone. Go now and watch Francis Ford Coppola’s brilliant Oscar nominated movie “The Conversation” which stared Gene Hackman and you will understand.
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at office@jewishbusinessnews.com.
Thank you.
The company stated that prior to its remediation by Comcast, the attack, dubbed WarezTheRemote, was a “very real security threat: with more than 18 million units deployed across homes in the USA, the XR11 is one of the most widespread remote controls in existence.”
GuardiCore Website
The attack did not require physical contact with the targeted remote or any interaction from the victim – any hacker with a cheap RF transceiver could have used it to take over an XR11 remote. Using a 16dBi antenna, we were able to listen to conversations happening in a house from about 65 feet away. We believe this could have been amplified easily using better equipment.
–
???? Guardicore discovered a new #attack vector on Comcast’s XR11 voice remote that would have allowed attackers to turn it into a listening device – potentially invading your #privacy in your living room: https://t.co/Bons8CwyfI#Comcast #CyberAttack #Privacy pic.twitter.com/OCUOezL36M
— Guardicore (@Guardicore) October 7, 2020
“The set-top boxes were interesting to us due to the fact that they are directly connected to the telecommunication providers’ server farms,” said Ofri Ziv, VP Security at GuardiCore. “After breaking into the set-top we decided to take a look at the remote that came with it as well. The reason for our curiosity was that the remote comes with a microphone, which makes it an attractive target due to its listening capabilities. In addition, it supports RF communication which means you can communicate with it from long distances and even through walls.”
And you were worried about Siri or the Amazon Echo!
