GuardiCore Uncovers Serious Flaw In Comcast Remotes


The Israeli cyber firm found a way the remotes could be used to spy on people.

Israeli security firm Guardicore reverse engineered the new firmware update process for Comcast’s XR11 remote and found a way to turn its voice-operated control into a bug that listens in on the user.

The company released a paper today about how it uncovered the security breach, which could turn your remote into a listening device. What’s that they say about paranoids? Just because someone is paranoid does not mean that they are not really being watched by someone. Go now and watch Francis Ford Coppola’s brilliant Oscar-nominated movie “The Conversation,” which starred Gene Hackman, and you will understand.

The company stated that prior to its remediation by Comcast, the attack, dubbed WarezTheRemote, was a “very real security threat: with more than 18 million units deployed across homes in the USA, the XR11 is one of the most widespread remote controls in existence.”

GuardiCore Website

The attack did not require physical contact with the targeted remote or any interaction from the victim – any hacker with a cheap RF transceiver could have used it to take over an XR11 remote. Using a 16dBi antenna, we were able to listen to conversations happening in a house from about 65 feet away. We believe this could have been amplified easily using better equipment.

“The set-top boxes were interesting to us due to the fact that they are directly connected to the telecommunication providers’ server farms,” said Ofri Ziv, VP Security at GuardiCore. “After breaking into the set-top we decided to take a look at the remote that came with it as well. The reason for our curiosity was that the remote comes with a microphone, which makes it an attractive target due to its listening capabilities. In addition, it supports RF communication which means you can communicate with it from long distances and even through walls.”
And you were worried about Siri or the Amazon Echo!
