Comcast RF Attack Leveraged Remotes for Surveillance
Researchers have found that a now-patched vulnerability in Comcast’s XR11 voice remotes may have been leveraged by attackers to conduct surveillance. XR11 remotes are highly common and are present in roughly 18 million homes across the US. According to researchers at Gaurdicore, the remote’s flaw allowed attackers to listen in on conversation occurring in homes from up to 65 feet away. The flaw made it easy for a threat actor to intercept radio frequency communications between the remote and the set-top box, which basically turned the remote into a surveillance device.
The flaw was disclosed in October and has since been patched by Comcast. However, researchers at AT&T Cybersecurity recently released a report providing additional details on the bug. The report highlights the risks of deploying millions of IoT devices without basic security to protect them from being weaponized and leveraged by cybercriminals.