Recently, a critical vulnerability has been uncovered in the Comcast smart voice remote control, allowing attackers to remotely listen to victims’ private conversations. The attack has been disclosed by researchers and named ‘WarezTheRemote.’ Comcast currently has 18 million active units across the US utilizing the voice-activated remote control for cable TV, which is known as the XR11. The smart remote allows users to speak the channel or content they want rather than typing it in.
The serious vulnerability does not require any user interaction on the target’s end and is extremely cheap to exploit. Attackers only need a low-priced RF transceiver and an antenna and can be up to 65 feet away from the device. The vulnerability exists because the original XR11 firmware failed to verify that responses to encrypted requests are encrypted as well. Therefore, an attacker could view requests from the remote in plaintext. The vulnerability poses a particularly strong threat right now because of the move to teleworking: sensitive information shared during work meetings could be snooped on via the Comcast remote.
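The missing check described above, shown as an added example that is not Comcast's firmware or the researchers' code: a response handler that accepts any matching reply, beside one that refuses a plaintext reply to a request that was sent encrypted. The frame layout, the sequence-number matching and all names here are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical frame model; fields are assumptions, not the XR11's real format. */
struct frame {
    uint8_t seq;      /* assumed: ties a response to its request */
    bool    secured;  /* assumed: set by the radio layer after decrypt + integrity check */
};

#define MAX_PENDING 4
struct pending { bool in_use; uint8_t seq; bool sent_secured; };
static struct pending table[MAX_PENDING];

/* Record an outgoing request so its response can be held to the same protection. */
bool track_request(uint8_t seq, bool sent_secured) {
    for (size_t i = 0; i < MAX_PENDING; i++) {
        if (!table[i].in_use) {
            table[i] = (struct pending){ true, seq, sent_secured };
            return true;
        }
    }
    return false; /* table full: caller should not send */
}

/* Weak behaviour: any response with a matching sequence number is accepted. */
bool accept_response_weak(const struct frame *rsp) {
    for (size_t i = 0; i < MAX_PENDING; i++) {
        if (table[i].in_use && table[i].seq == rsp->seq) {
            table[i].in_use = false;
            return true;
        }
    }
    return false;
}

/* Corrected: a plaintext reply to an encrypted request is dropped, still pending. */
bool accept_response_strict(const struct frame *rsp) {
    for (size_t i = 0; i < MAX_PENDING; i++) {
        if (!table[i].in_use || table[i].seq != rsp->seq) continue;
        if (table[i].sent_secured && !rsp->secured)
            return false; /* downgrade attempt: ignore, keep waiting for a secured reply */
        table[i].in_use = false;
        return true;
    }
    return false;
}
```

Keeping the request pending after a rejected plaintext reply means a forged frame cannot cancel the exchange; the genuine encrypted response is still accepted when it arrives.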