Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

Comcast flaw could have turned remotes into listening devices

remote-control-freepik.jpg
September 2, 2021

Guardicore has discovered a new attack vector on Comcast’s XR11 voice remote that would have allowed attackers to turn it into a listening device – potentially invading your privacy in your living room.


Before its remediation by Comcast, the attack, dubbed WarezTheRemote, was a genuine security threat: with more than 18 million units deployed across homes in the USA, the XR11 is one of the most widespread remote controls in existence.


The team broke into RF communication between the remote and set-top box and listened in on conversations with a basic RF transceiver. 


WarezTheRemote used a man-in-the-middle attack to exploit the remote’s RF communication with the set-top box and over-the-air firmware upgrades by pushing a malicious firmware image back to the remote, which attackers could have used to continuously record audio without user interaction. 


The attack did not require physical contact with the targeted remote or any interaction from the victim. Bud Broomhead, CEO at Viakoo, a Mountain View, Calif.-based provider of automated IoT cyber hygiene, says, “This is yet another example of IoT device vulnerabilities being exploited by nefarious cyber attackers leading to ransomware, stolen data, or gaining control of a sensitive system. Remediation of IoT device vulnerabilities and maximizing their defensive posture are crucial parts of preventing cascading cyberattacks. Remediation includes upgrading IoT device firmware containing the latest security patches, initial provisioning and rotation of certificates like 802.1x, and credentialing with password enforcement, all at scale across the enterprise. After remediation comes the repatriation of IoT devices back into production as full, secure network citizens, replete with an audit trail for compliance and governance.”


And, while this highlights the need of IoT device makers to think about security to prevent fairly basic attacks like this, it is more important not to lose sight of the more severe risks, explains John Bambenek, Threat Intelligence Advisor at Netenrich, a San Jose, Calif.-based digital IT and security operations company. “While a subset of people need to worry about a stalker hiding in their bushes, the privacy risk is the amount of data these IoT devices are enabling organizations to vacuum upon consumers and whether those entire datasets can be taken and abused by criminals.”


Jake Williams, Co-Founder and CTO at BreachQuest, an Augusta, Georgia-based leader in incident response, says the research highlights why independent security research is essential for consumers. 


Williams adds, “Consumers need to realize that everything that has a microphone can potentially be turned into a listening device. When Amazon released the Echo, many researchers screamed, “the sky is falling,” but of course, those worst fears never came to pass. This has likely lead to some complacency among the public. Amazon expended significant resources on privacy and security that most producing devices with microphones device have not. As we’ve seen with IP-based security cameras before, much of this hardware is a race to the bottom.”

KEYWORDS: cyber security information security Internet of Things (IoT) risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Security Leadership and Management
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Education & Training
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

Glasses in front of coding on screen

5 Ways Quantum and AI Will Rewrite the Rules of Cyberattacks

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • API-sec-freepik1170x658.jpg

    API security vulnerability in FinTech platform could have enabled account takeover

    See More
  • cyber-security- freepik

    CISA believes SolarWinds attack could have been prevented with simple countermeasures

    See More
  • phishing freepik

    Phishing could have cost businesses $354m in potential direct losses

    See More

Related Products

See More Products
  • Hospitality Security: Managing Security in Today's Hotel, Lodging, Entertainment, and Tourism Environment

  • 1119490936.jpg

    Solving Cyber Risk: Protecting Your Company and Society

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing