Comcast's XR11 is a common voice-activated cable Television remote control with over 18 million units spread throughout the U.S. Remote allows users to tell the channel or content what they want to watch instead of typing in the channels or typing to check.
Cybersecurity researchers found a significant weakness in the remote area, allowing hackers to take control of it. The resulting attack, termed WarezTheRemote, does not require any intervention from the victim-it is extremely cheap to execute and it can be performed remotely.
"Few people think of their television remote controls as ‘connected devices,’ fewer still would guess that they can be vulnerable to attackers, and almost no one would imagine that they can jeopardize their privacy. In this case, the recent development of RF-based communication and voice control makes this threat real. Even more so in these strange times: With so many of us working from home, a home-recording device is a credible means to snoop on trade secrets and confidential information." ; said researchers from Guardicore.
The vulnerability
The Research teams re-engineered the XR11 remote firmware and software in which it interacts mostly on the set-top box. They identified a flaw in the way that the RF packets handle remote incoming.
The vulnerability comes from the fact that the initial XR 11 firmware did not check the responses from encrypted requests were encrypted meaning the firmware doesn't verify, the researchers said. which could allow attackers to effectively formulate a malicious respond to a remote XR10 request.
“WarezTheRemote used a man-in-the-middle attack to exploit remote’s RF communication with the set-top box and over-the-air firmware upgrades – by pushing a malicious firmware image back the remote, attackers could have used the remote to continuously record audio without user interaction,”they stated
Well done👏