Comcast voice remotes have a flaw that allowed security researchers to turn them into secret recording devices with a little tinkering…
Everyone has probably heard the rumor (rather misconception) that having a conversation about a product near tech devices will cause said product to pop up during the next online session. The fears of smartphones listening are unfounded. However, that doesn’t mean it’s impossible to turn at least some internet-connected devices into listening devices.
Comcast Fixes Vulnerability that Turned its Voice Remotes into Microphones
Researchers at Guardicore Labs have managed to do just that. The team transformed a Comcast XR11 voice remote into a remote microphone. Guardicore was examining the company’s set-top-box and remote pairing. During the analysis, the group found the system pushing firmware updates wasn’t entirely secure. So, they took an RF transceiver, then installed malicious software onto the remote. After some fiddling, the researchers could listen to conversations through the remote from as far as 15 feet away.
Guardicore even claims that with a 16dBi antenna, they would be able to attack a handset from as much as 65 feet. What’s more, more powerful gear could extend that range. Fortunately, Comcast has already applied a patch, so the flaw is no longer exploitable.