Comcast Corporation (NASDAQ: CMCSA) acknowledged that the Xfinity voice-activated remote had a major security flaw that could allow drive-by-hackers to record and listen clearly to consumers’ private conversations in their homes.
However, the Philadelphia-based cable giant immediately took steps and fixed the vulnerability in XR11 remote control for cable TV.
The cable giant’s XR11 is an ease-of-use remote that allows users to use their voice to find the channel or content they want instead of entering the numbers or scrolling up and down on the channel guide.
A cybersecurity company based in Tel Aviv, Guardicore discovered the vulnerability and submitted an extensive report to Comcast in April.
In response to the report, the cable giant launched an investigation into the security flaw and was able to fix it last month.
On Wednesday, Guardicore researched published their report indicating that there are 18 million units of XR11 remote controls in use across the United States. It is on “one of the most widespread remote controls in existence.”
The researchers also noted that most of the past research was focused on security issues affecting interconnected devices such as “smart” speakers. According to them, the Comcast XR11 does not connect to the internet but it is equipped with a radio frequency.
Comcast remote vulnerable to drive-by-hackers
Guardicore researchers used a radio receiver and an antenna to send software updates by intercepting the daily communications between the cable box and remote. They then temporarily shut down and impersonate the box sent malicious software to make the remote record and transmit audio on command, according to the cybersecurity company’s senior researcher JJ Lehmann
Researchers took over the Comcast XR11 remote from 65 feet away, but if they had better equipment it would have allowed them to deploy the attack from farther away, he added.
“This is the alarming part. It conjures up the famous ‘van parked outside’ scene in every espionage film in recent memory,” the researchers stated in their report.
Also, the researchers described how drive-by-hackers outside of a target residence could install custom firmware on the remote to force it to record audio without discovery and stream it back to the bad actors.
The attack, named “ WarezTheRemote”, requires no interaction with the victim and would be very cheap to carry out. All the hackers would need is a low-priced RF transceiver and antenna. It can be remotely launched but requires physical distance not to exceed 65 feet.
Comcast statement outlines the “fix”
In a statement, Comcast said a comprehensive review of the security was conducted. The company found no evidence that its customers’ privacy was compromised due to the vulnerability.
Comcast also reassured customers that the recent fix prevents the attack described in Guardcore’s report. The “fix” provides another layer of security. The company also noted that Guardcore researchers hacked an older model of the remote. It is no longer shipping that model to customers.
“Technologists for both Comcast and Guardicore confirmed that Comcast’s remediation not only prevents the attack described in this paper but also provides additional security against future attempts to deliver unsigned firmware to the X1 Voice Remote.
“Nothing is more important than keeping our customers safe and secure, and we appreciate Guardicore for bringing this issue to our attention,” according to the cable giant.
Pandemic increases the risk of hacking
This year Americans have been getting warnings that our IoT devices might be spying on us. Many common electronics are highly vulnerable to hacking or even allowing open access to the technology provider.
Interpol warned that during the coronavirus pandemic there is an increased number of hack attacks around the world.
The FBI issued several advisories and warns that “hackers can use an innocent device to do a virtual drive-by of your digital life.”
Since the pandemic, our homes are often being used as offices. Hacking private citizens at home is now more likely to compromise trade or company secrets. According to Microsoft, “the first half of 2020 saw an approximate 35% increase in total IoT attack volume compared to the second half of 2019.”
Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.
Want to contribute a story? We also accept article submissions — check out our writer’s guidelines here.