Security News > 2020 > October > Infosec researchers pwned Comcast's voice-activated remote control so it could snoop on household chit-chat
A voice-activated TV remote can be turned into a covert home surveillance device, according to researchers from infosec firm Guardicore who probed the device to show that a man-in-the-middle attack could compromise it.
Guardicore discovered an attack vector on US telco giant Comcast's Xfinity XR11 voice remote - of which around 18 million units have been sold - that allowed malicious people to turn it into an eavesdropping device.
Dubbing the attack method WarezTheRemote, researchers explained that the clicker's use of RF spectrum to communicate with its set-top box - instead of the traditional infrared systems used for telly remotes - gave them a way to use its microphone to snoop on private conversations in the home.
A vulnerability in the protocol the remote used to talk to the set-top box allowed the researchers to reflash the remote's firmware.
Using a 16dBi antenna, Guardicore was able to reliably pick up the mic from 65 feet away - raising the spectre of someone malicious sitting outside your home, in a van, eavesdropping on your sofa conversations through your remotely pwned remote control.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/07/comcast_xr11_voice_remote_pwnable/