Comcast’s Xfinity X11 remote—which features a much-touted voice control feature—had a security flaw that could have theoretically let a hacker use the device to bug your living room. That scary scenario has been ended thanks to the Philadelphia-based cable giant’s fix of a vulnerability discovered by outside researchers.
The flaw that the Boston- and Tel Aviv-based security firm Guardicore reported to Comcast would have let an attacker outside a target’s home silently install custom firmware on the remote that would force it to record audio surreptitiously and stream it back to the attacker.
As Guardicore’s report explains at length, this would not have been a quick or easy trick. But this bullet we appear to have dodged should provide yet another reason to be wary of connected gadgets with microphones. Guardicore was able to pull off this exploit by chaining together a series of weak points in the XR11 remote