Nearly 18 million households using equipment from US cable and communication provider Comcast were saved from a potential security breach by Israeli cybersecurity firm Guardicore.
Comcast’s Xfinity TV remote control has a built-in microphone to listen to voice commands. But security was weak, potentially allowing hackers to listen in to what was happening wherever the system was installed, whether in the living room or the bedroom.
The remote control in question supports RF technology, not the old-fashioned IR (infrared), meaning that voice information can be communicated from long distances – even through walls.
According to Guardicore, a hacker with a cheap RF transceiver 65 feet away could take over the Comcast XR11 remote — one of the most widely used TV remote controls in America.
With better equipment, hackers could have deployed an attack from even farther away. “This is the alarming part,” Guardicore wrote in its 56-page report, delivered to Comcast in April. “It conjures up the famous ‘van parked outside’ scene in every espionage film in recent memory.”
Because the Comcast Xfinity remote is not connected to the Internet, it was not initially seen as vulnerable, said VP Research Ofri Ziv. But the set-top boxes are directly connected to the telecommunication providers’ server farms.
To run its test, Guardicore’s researchers temporarily disabled Comcast’s cable box and remote, “impersonated” the system, and sent malicious software that made the remote record and transmit audio on command, without users pushing the microphone button, explained JJ Lehmann, Guardicore’s senior researcher.
Comcast took immediate action and has since plugged the security hole. Updated software was installed on users’ remote controls and Comcast set-top boxes.
Comcast said it does not appear that the flaw ever compromised actual customers, and that the remote hacked by Guardicore is an older model no longer shipped to customers.
“Nothing is more important than keeping our customers safe and secure, and we appreciate Guardicore for bringing this issue to our attention,” the company said in a statement.
Guardicore specializes in protecting enterprise cloud systems and internal servers. With hundreds of clients, the company has raised $110 million.