Researchers from the Israel-based Guardicore company have discovered what they describe as a possible "security breach" in the XR11 remotes produced by the US-based Comcast telecommunications company, which could allow hackers to listen and record through the remotes.
The hackers could access remotes that have the option of voice control, activating it remotely and using the device to listen and record what is happening in the area around the remote, researchers said.
"The modems piqued our interest due to the fact that they are directly connected to the server farms of the communication providers," Ofri Ziv, vice president of research at Guardicore, said, cited by The Jerusalem Post. "After we managed to hack into the modem, we decided to take a look at the remote that came with it as well. The reason for our curiosity was the fact that the remote is equipped with a microphone, which immediately makes it an attractive attacking target due to the possibility of listening through it."
According to the company statement, the team informed Comcast of their findings and collaborated with them to fix the issue and adding that the affected remotes were updated.
"Comcast responded very quickly and were courteous and professional throughout the disclosure process. Within a couple of months they had started deploying patch 188.8.131.52, which addresses the issues we disclosed. They were also generous enough to provide us with details of the fixes so we could continue our research", Guardicore said.
They also recommended that companies producing remotes with voice control carefully examine them to avert security breaches.