Vulnerability in Comcast Voice Remotes Could Allow Listening In
Security researchers discovered a vulnerability that affected Comcast voice-controlled remote controls until recently. The issue allowed bad actors to take control of the devices and use them to listen in on anything going on near the remote control handheld unit.
The vulnerability has already had a patch issued to address it. While it was still unpatched, however, estimates are that it affected over 18 million devices in the US alone. The researchers who conducted the research discovered that the previously existing vulnerability allowed them to pull off a man in the middle attack and use the Comcast XR11 voice remote as a beacon allowing listening in from a distance of up to 20 meters.
The attack was called "WarezTheRemote" by the researcher team at Guardicore who discovered the vulnerability. The attack vector consisted of a bad actor responding to RF outgoing requests from the remote.
If a hacker managed to guess the contents of a request coming from the remote, they could respond to it with a malicious callback. Researchers explained that this could lead to tricking the device to accept whatever is coming from the hacker as legitimate information, including firmware updates.
A successful attack gives the hacker full access to the compromised device, including flashing its firmware. Once having such elevated privileges, the bad actor only needed to jump over a few final hurdles to listen in on anything going on near the remote.
Even though this issue has been fixed for a while through an update, it still shows how a fully connected society where every single gadget is an IoT gadget still poses a lot of dangers and vulnerabilities will inevitably creep up even in devices following best security practices and standards.
IoT devices are often also used for various other malicious purposes, from being taken over and used as bots in DDoS attacks to being infected with cryptomining malware and used as work drones for a hacker's crypto wallet.