Israeli researchers discover a loophole allowing pirates to spy via remote controls
Guardicore researchers informed Comcast of the security breach and worked with them to resolve the issue.
Researchers at the Israeli company Guardicore have discovered a security hole that would allow hackers to listen in on users via remote controls owned by U.S.-based cable company Comcast.
Comcast provides remote controls that can accept voice commands. The security hole would allow hackers to activate the remote control remotely and listen to what was happening within a few meters of the remote control.
Cable service is installed in more than 18 million homes and offices in the United States.
The remote control automatically checks for updates every 24 hours. It is when it checks for updates, that the violation takes place, allowing hackers to turn the remote control into a recording device.
Guardicore researchers informed Comcast of the flaw and worked with them to solve the problem. All affected remotes have been updated with the patch.
Researchers recommend that all companies that provide voice-activated remote controls should test them carefully to avoid security breaches.
“The modems appealed to us because they are directly connected to the server farms of communication providers,” explained Ofri Ziv, Vice President of Research at Guardicore, in a press release.
“After successfully hacking the modem, we decided to take a look at the remote control that came with it as well. The reason for our curiosity was the fact that the remote control is equipped with a microphone, which immediately makes it an attractive attack with the possibility to listen . “
The researchers were also interested because the remote controls support RF technology, allowing them to communicate over long distances and through walls.
“Immediately after discovering the vulnerabilities and the possibility of using them for malicious purposes, we reported it to the company, which reacted quickly and professionally, releasing software updates that fixed the various bugs we had reported in both the remote control and the modem, using a remote update mechanism,” said Ziv.
Guardicore provides software to hundreds of companies to protect their cloud systems and internal servers.