FOLLOW US

Tue

July 14, 2026

Investigates October 8, 2020 4 mins read

Comcast fixes voice remote vulnerability that could be exploited by drive-by-hackers

Investigates ı By Jackie Allen

0 Comments

Cybercrime-Illustration-825×510

Comcast Corporation (NASDAQ: CMCSA) acknowledged that the Xfinity voice-activated remote had a major security flaw that could allow drive-by-hackers to record and listen clearly to consumers' private conversations in their homes. 

However, the Philadelphia-based cable giant immediately took steps and fixed the vulnerability in XR11 remote control for cable TV. 

The cable giant's XR11 is an ease-of-use remote that allows users to use their voice to find the channel or content they want instead of entering the numbers or scrolling up and down on the channel guide. 

cybersecurity company based in Tel Aviv, Guardicore discovered the vulnerability and submitted an extensive report to Comcast in April.

In response to the report, the cable giant launched an investigation into the security flaw and was able to fix it last month.

On Wednesday, Guardicore researched published their report indicating that there are 18 million units of XR11 remote controls in use across the United States. It is on “one of the most widespread remote controls in existence."

The researchers also noted that most of the past research was focused on security issues affecting interconnected devices such as "smart" speakers. According to them, the Comcast XR11 does not connect to the internet but it is equipped with a radio frequency.

Comcast remote vulnerable to drive-by-hackers

Guardicore researchers used a radio receiver and an antenna to send software updates by intercepting the daily communications between the cable box and remote. They then temporarily shut down and impersonate the box sent malicious software to make the remote record and transmit audio on command, according to the cybersecurity company's senior researcher JJ Lehmann

Researchers took over the Comcast XR11 remote from 65 feet away, but if they had better equipment it would have allowed them to deploy the attack from farther away, he added.

“This is the alarming part. It conjures up the famous ‘van parked outside’ scene in every espionage film in recent memory," the researchers stated in their report. 

Also, the researchers described how drive-by-hackers outside of a target residence could install custom firmware on the remote to force it to record audio without discovery and stream it back to the bad actors. 

The attack, named “ WarezTheRemote”, requires no interaction with the victim and would be very cheap to carry out. All the hackers would need is a low-priced RF transceiver and antenna. It can be remotely launched but requires physical distance not to exceed 65 feet.

Comcast statement outlines the “fix”

In a statement, Comcast said a comprehensive review of the security was conducted. The company found no evidence that its customers' privacy was compromised due to the vulnerability. 

Comcast also reassured customers that the recent fix prevents the attack described in Guardcore’s report. The “fix” provides another layer of security. The company also noted that Guardcore researchers hacked an older model of the remote. It is no longer shipping that model to customers. 

“Technologists for both Comcast and Guardicore confirmed that Comcast’s remediation not only prevents the attack described in this paper but also provides additional security against future attempts to deliver unsigned firmware to the X1 Voice Remote.

“Nothing is more important than keeping our customers safe and secure, and we appreciate Guardicore for bringing this issue to our attention,” according to the cable giant.

Pandemic increases the risk of hacking

This year Americans have been getting warnings that our IoT devices might be spying on us. Many common electronics are highly vulnerable to hacking or even allowing open access to the technology provider.

Interpol warned that during the coronavirus pandemic there is an increased number of hack attacks around the world. 

The FBI issued several advisories and warns that “hackers can use an innocent device to do a virtual drive-by of your digital life.” 

Since the pandemic, our homes are often being used as offices. Hacking private citizens at home is now more likely to compromise trade or company secrets. According to Microsoft, “the first half of 2020 saw an approximate 35% increase in total IoT attack volume compared to the second half of 2019.”

----------------------------------------

Have a story you want USA Herald to cover? Submit a tip here and if we think it's newsworthy, we'll follow up on it.

Want to contribute a story? We also accept article submissions -- check out our writer's guidelines here.

Previous Article

Citibank ordered to pay $400M penalty over its “unsafe or unsound banking practices”

Read More
3227 Posts

Jackie Allen

Jackie is a freelance journalist and technology geek. She worked as a telecom project director for AT&T and BellSouth. Before joining the USA Herald she has written books, articles, blogs and whitepapers. Her clients include Samsung and other technology companies.

Discussion

No comments yet. Be the first to join the discussion!

Don’t Miss It
America July 12, 2026
two killed in Toronto After Deadly street festival shooting
By – Rihem Akkouche
America July 12, 2026
Elephant Fire burns 4500 acres in Sierra County
By – Rihem Akkouche
Arizona January 11, 2025
Kelly Warner Law Firm Blames USA…

In what appears as a desperate attempt to defend multiple…

By – USA Herald
Arizona January 4, 2025
Aaron Kelly Law Firm Resorts To…

Attorney Aaron Kelly and his law partner Daniel Warner are…

By – Jeff Watterson
Arizona December 12, 2024
Arizona Bar Opens Investigation on Attorney…

USA Herald recently reported on a developing story involving Attorneys…

By – Paul O'Neal
America July 11, 2026
1 dead After fire at Davis…

A Saturday morning that began like any other in South…

By – Rihem Akkouche
America July 11, 2026
Apple Sues OpenAI Over Trade Secrets…

The partnership that placed ChatGPT inside hundreds of millions of…

By – Rihem Akkouche
America July 11, 2026
NYT Air Force One Subpoena Targets…

They came on a Friday evening, to the homes of…

By – Rihem Akkouche
America July 11, 2026
Gordie Howe Bridge to Open on…

Named for a hockey legend who won four Stanley Cups…

By – Rihem Akkouche
America July 11, 2026
Teen Football Player’s Death on Uninhabited…

Christine and Elmore Wonsley are not sleeping. They cannot. A…

By – Rihem Akkouche
America July 11, 2026
Hundreds Of People at Summer Camp…

The water came faster than the roads could handle and…

By – Rihem Akkouche
America July 11, 2026
Hundreds Of People at Summer Camp…

The water came faster than the roads could handle and…

By – Rihem Akkouche
America July 11, 2026
UFC Event Allegedly Targeted in White…

WASHINGTON, D.C. — A historic UFC Event held on the…

By – Jackie Allen
America July 10, 2026
Russia Sanctions Bill Gains BiPartisan as…

WASHINGTON, D.C. — Russia Sanctions legislation moved closer to becoming…

By – Jackie Allen
America July 10, 2026
Manhattanhenge 2026: Final Summer Sunset Alignment…

NEW YORK — Manhattanhenge is making its final appearance of…

By – Jackie Allen
America July 10, 2026
Jared Isaacman Says NASA Has Unexplained…

WASHINGTON, D.C. — Jared Isaacman, the administrator of NASA, says…

By – Jackie Allen
America July 9, 2026
Erika Kirk Seeks Public Release of…

Erika Kirk, the widow of Turning Point USA co-founder Charlie…

By – Jackie Allen
America July 9, 2026
Erika Kirk Seeks Public Release of…

Erika Kirk, the widow of Turning Point USA co-founder Charlie…

By – Jackie Allen
America July 9, 2026
Bonnie Tyler Remembered as Legendary Welsh…

Bonnie Tyler, the Welsh singer whose unmistakable raspy voice powered…

By – Jackie Allen
America July 9, 2026
Assault on Iran Escalates as U.S.…

The Assault on Iran intensified after the United States launched…

By – Jackie Allen
America July 9, 2026
Broadcom Deal: Apple Commits More Than…

Apple is dramatically expanding its investment in American semiconductor manufacturing…

By – Jackie Allen
America July 8, 2026
Arranged Marriage Ends in Tragedy: Amazon…

An Arranged Marriage that began in the summer of 2025…

By – Jackie Allen
America July 8, 2026
Forensic Scientist Henry Lee’s Final Interview…

A legendary Forensic Scientist whose testimony influenced some of America’s…

By – Jackie Allen
America July 8, 2026
Forensic Scientist Henry Lee’s Final Interview…

A legendary Forensic Scientist whose testimony influenced some of America’s…

By – Jackie Allen
America July 6, 2026
Accused of Rape:  Graham Platner Denies…

Accused of Rape, Maine Democratic U.S. Senate candidate Graham Platner…

By – Jackie Allen
America July 6, 2026
AI Regulation Debate Intensifies After Peter…

 The global debate over AI Regulation took a dramatic turn…

By – Jackie Allen
America July 5, 2026
California Chaos: Fourth of July Celebrations…

California Chaos unfolded across parts of Southern California during the…

By – Jackie Allen
America July 5, 2026
Paul Pelosi Faces Charge After Alleged…

Paul Pelosi, the husband of former House Speaker Nancy Pelosi,…

By – Jackie Allen
America July 4, 2026
Beach Closures Expand Across Long Island…

Beach Closures were spread across parts of New York just…

By – Jackie Allen
America July 4, 2026
Beach Closures Expand Across Long Island…

Beach Closures were spread across parts of New York just…

By – Jackie Allen
America July 3, 2026
Mars Rover Images Lead to Debates…

A new Mars Rover image captured by NASA’s Curiosity mission…

By – Jackie Allen
America July 3, 2026
Taylor Swift and Travis Kelce’s Star-Studded…

Taylor Swift and Travis Kelce’s highly anticipated wedding is finally…

By – Rihem Akkouche
America July 3, 2026
Federal Judge Sends Bad Bunny Reggaeton…

INSIDE THIS REPORT A federal judge denied summary judgment to…

By – Samuel Lopez
America July 3, 2026
Mike Rowe Sues Discovery for $2…

Inside This Report Mike Rowe is suing Discovery, claiming the…

By – Samuel Lopez
America July 3, 2026
7-Eleven Sues Nike Over Alleged Air…

INSIDE THIS REPORT Nike faces a federal trademark lawsuit over…

By – Samuel Lopez
Health July 2, 2026
The Hidden Science Behind Why Your…

For millions of people, the first conscious act of the…

By – Tyler Brooks
Health July 2, 2026
The High Cost of the Infinite…

A significant legal chapter is closing for one of the…

By – Tyler Brooks
Health July 2, 2026
Kentucky Medicaid Alert How The Upcoming…

A significant change is arriving for thousands of Kentucky residents…

By – Tyler Brooks
Health June 29, 2026
Everything You Need to Know About…

As the calendar turns to July 1, residents of Georgia…

By – Tyler Brooks
Breaking News June 26, 2026
Trump Seeks $1.4 Billion as Congo…

The Trump Ebola funding request would provide more than $1.4…

By – Michallie Harrison
Health June 25, 2026
Temperatures in France were higher than…

The images coming out of Europe this week are nothing…

By – Tyler Brooks
America July 2, 2026
Taylor Swift Wedding Reports Claim Private…

Taylor Swift Wedding speculation intensified after reports claimed that pop…

By – Jackie Allen
High Profile Court Cases July 2, 2026
Justice Served as Former NFL Scout…

The Nashville courtroom fell silent this Wednesday as a jury…

By – Tyler Brooks
America June 29, 2026
Stonewall Riots: An Uprising That Changed…

The Stonewall Riots marked one of the most significant turning…

By – Jackie Allen
Sports June 26, 2026
USMNT Lost to Turkey at 90+8.…

Kaan Ayhan’s goal came in the 90th minute, plus eight.…

By – Nicolas Carreno
Entertainment June 25, 2026
Tears, Goals, and the Siuuu: IShowSpeed’s…

The 2026 FIFA World Cup has been a rollercoaster of…

By – Tyler Brooks
America June 22, 2026
World Cup History Made as Lionel…

World Cup history was made Monday afternoon in Arlington, Texas,…

By – Jackie Allen

No posts found.

No posts found.

Signup for the USA Herald
exclusive Newsletter