Infosec researchers pwned Comcast's voice-activated remote control so it could snoop on household chit-chat
2020-10-07 13:02

A voice-activated TV remote can be turned into a covert home surveillance device, according to researchers from infosec firm Guardicore who probed the device to show that a man-in-the-middle attack could compromise it.

Guardicore discovered an attack vector on US telco giant Comcast's Xfinity XR11 voice remote - of which around 18 million units have been sold - that allowed malicious people to turn it into an eavesdropping device.

Dubbing the attack method WarezTheRemote, researchers explained that the clicker's use of RF spectrum to communicate with its set-top box - instead of the traditional infrared systems used for telly remotes - gave them a way to use its microphone to snoop on private conversations in the home.

A vulnerability in the protocol the remote used to talk to the set-top box allowed the researchers to reflash the remote's firmware.

Using a 16dBi antenna, Guardicore was able to reliably pick up audio from the remote's microphone from 65 feet away - raising the spectre of someone malicious sitting in a van outside your home, eavesdropping on your sofa conversations through your remotely pwned remote control.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/10/07/comcast_xr11_voice_remote_pwnable/