Comcast was forced to patch a vulnerability in its XR11 voice remote that could allow an outside actor to spy on the user. According to Guardicore, this attack vector, dubbed “WarezTheRemote,” allowed an attacker to use the TV remote control to “turn it into a listening device — potentially invading your privacy.”
WarezTheRemote employed a “man-in-the-middle” attack that exploited the remote's radio frequency communication with the set-top box, over-the-air firmware upgrades and other tactics to push malicious firmware to the device. The attacker could then record and collect audio without user interaction. The attack, it should be noted, did not require physical contact with the remote or other interaction with the victim. Guardicore noted that it was able to use a 16dBi antenna to listen to conversations in a residence 65 feet away, with the potential for amplification when using improved equipment.
Comcast’s security team worked with Guardicore to release fixes for the issue. More than 18 million XR11 units are in use in the U.S., making it, as Guardicore noted, “one of the most widespread remote controls in existence.”