Security firm: WarezTheRemote flaw could turn a Comcast remote into a listening device

Could your cable TV device spy on you? Vulnerability found and patched in Comcast TV remote.

guardiacore.jpg

Security researchers at Guardicore reverse-engineered the firmware update process for a popular Comcast remote to turn the device into a spying tool.

Image: Guardicore

Security firm Guardicore reverse-engineered the firmware update process for Comcast’s XR11 remote to take control of the device. Researchers interrupted the process to turn the voice-control element of the remote into a listening device.

Once the malicious firmware update was in place, researchers used a 16dBi antenna and were able to listen to conversations inside a house from about 65 feet away.

The WarezTheRemote attack could have affected the 18 million remotes in use around the US. After Guardicore disclosed the vulnerability to Comcast, the company developed a fix that was deployed to all units by the end of September. 

SEE: Social engineering: A cheat sheet for business professionals (free

Read More