Security News > 2020 > October > Security firm: WarezTheRemote flaw could turn a Comcast remote into a listening device
2020-10-07 13:06
Could your cable TV device spy on you? Vulnerability found and patched in Comcast TV remote.
Security firm Guardicore reverse-engineered the firmware update process for Comcast's XR11 remote to take control of the device.
Researchers interrupted the process to turn the voice-control element of the remote into a listening device.
As the researchers wrote in the research paper on the vulnerability, "RF enables contact with the remote from afar, which makes for a larger attack surface than a remote control would otherwise have, and the recording capability makes it a high-value target."
An attacker within RF range could have responded to outgoing requests from the remote in plaintext, the remote would have accepted the malicious requests.