Experts turned a TV remote into a spy device

Experts turned a TV remote into a spy device

The researchers modified the firmware of XR11 so that the microphone could be turned on remotely. Guardicore found a number of vulnerabilities in the XR11 remote control for Xfinity subscribers (a subsidiary of U.S. telecommunications corporation Comcast). According to them, using the vulnerabilities, attackers can turn a TV remote control into a spy device.

XR11 allows users to switch channels, select programs and perform other actions with the help of voice commands. In the course of the research Guardicore specialists used the remote control for Xfinity X1 set-top box.

The first stage of the attack, called WarezTheRemote, involves remote installation of a malicious firmware version on XR11. To transmit the signal to the set-top box, the device uses radio waves rather than infrared rays like conventional remotes. Since the length of the radio waves is much longer than the infrared rays, the attackers can carry out an attack even when they are quite far away.

The connection between the remote control and the set-top box is encrypted, but the mechanism to check that only encrypted responses are received for encrypted requests is absent in the firmware. In other words, the attackers can send malicious responses in an unencrypted form.

Every 24 hours, the console automatically checks for available firmware updates by sending the corresponding request. According to the researchers, the cybercriminals can forge a response from the console and inform the console about available firmware updates.

The experts were able not only to send the console a malicious firmware update by forging the responses from the STB, but also to cause the STB to be refused service so that it could not interfere with the attack process (the firmware update took almost half an hour, and during this time the process could be interrupted).

The researchers reverse-engineered the firmware and were able to make small changes to enable remote activation of the remote microphone. Recorded audio was transmitted over radio waves, providing an opportunity to overhear users’ conversations.

Comcast was notified of the vulnerabilities in April this year, and deployment of patches began on July 14. The vulnerability fixing firmware version was distributed to all devices on September 24th.

WARNING! All links in the articles may lead to malicious sites or contain viruses. Follow them at your own risk. Those who purposely visit the article know what they are doing. Do not click on everything thoughtlessly.


0 0 vote
Article Rating
Notify of
Inline Feedbacks
View all comments

Do NOT follow this link or you will be banned from the site!
Would love your thoughts, please comment.x

Spelling error report

The following text will be sent to our editors: