Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Comcast Remote Control Listens to Your Conversations

October 8, 2020

Another bad day for Comcast. Every year Comcast is rated one of the worst companies for customer service. Many folks don't have much choice in who they select for their TV, phone and internet service and are stuck with Comcast. The Register reported that researchers from infosec security firm Guardicore identified a problem with Comcast's Xfinity XR11 voice remote. Basically, the vulnerability allows an attacker to turn the remote into a surveillance device. The researchers call the attack WarezTheRemote and explained:

"The attack did not require physical contact with the targeted remote or any interaction from the victim – any hacker with a cheap RF transceiver could have used it to take over an XR11 remote. Using a 16dBi antenna, we were able to listen to conversations happening in a house from about 65 feet [about 20m] away. We believe this could have been amplified easily using better equipment."

Another case of convenience over security. We all need to be vigilant, especially when it comes to IoT devices. If you are unfortunate enough to be a Comcast customer and have a XR11 remote, make sure you update the remote to version 1.1.4.0 via the set-top box.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com