- We will deliver any equipment to you. But how will you turn the remote control into a wiretap?
Posted: Tue Feb 11, 2025 4:14 am
- Good morning, Bob! My name is Martin, and this is my assistant, Martha. We need to bug a house on 15th Street. The problem is that we can't get into the house, there's always someone there, and the owners, servants, and guests leave electronic devices at the entrance.
- Well, there must be something there?
— In the owner's office there is a huge 60-inch TV from S. The owner loves to watch sports on it. Boxing, football, basketball.
— Could you please tell me more about the brand of the TV?
- Martha?
— Martin, TV S60-37N. The information is accurate. I was in the store where it was purchased and installed. It is the latest model.
- Wait, Martha, does this TV's remote control have a microphone?
- Yes. The remote control works via Wi-Fi, not the standard infrared channel.
- Great. I think I read about something like that recently. Give me a couple of days. I need to call the guys and consult.
- Do you want to hack the remote control?
- Well, yes. I want to and I will hack. Or rather, I won't hack it myself, but I'll ask my colleagues to share the hacking method. And I'll just try to apply it.
- Are you sure?
— Yes. While security threats to home IoT devices have been widely studied over the past few years, TV remotes have not yet received much attention as a potential attack vector — despite being one of the most common devices in the home.
- What do you need for this? Probably to break into the house?
— Why??? The attack does not require physical contact — only a cheap radio frequency transceiver. If we manage to hack it, then using the antenna, we will be able to listen to conversations taking place in the house at a distance of about 2 meters. And if we choose better equipment, then I think this distance can be increased.
— These remotes have over-the-air cameroon whatsapp data updates, and the firmware does not need to be signed for the remote to install it. This means that if we manage to upload our own malicious firmware image to the remote, we can use its microphone to continuously operate and exfiltrate the recorded audio.
Three days passed.
- Chief, I'm at your disposal. The guys from the Drug Enforcement Department will handle the rest themselves.
- Bob, you're great! Thank you very much!
- This is my job.
Fairy tale? Not at all! Guardicore specialists have managed to turn the XR11 voice remote control from Xfinity into a listening device. So be careful!
- Well, there must be something there?
— In the owner's office there is a huge 60-inch TV from S. The owner loves to watch sports on it. Boxing, football, basketball.
— Could you please tell me more about the brand of the TV?
- Martha?
— Martin, TV S60-37N. The information is accurate. I was in the store where it was purchased and installed. It is the latest model.
- Wait, Martha, does this TV's remote control have a microphone?
- Yes. The remote control works via Wi-Fi, not the standard infrared channel.
- Great. I think I read about something like that recently. Give me a couple of days. I need to call the guys and consult.
- Do you want to hack the remote control?
- Well, yes. I want to and I will hack. Or rather, I won't hack it myself, but I'll ask my colleagues to share the hacking method. And I'll just try to apply it.
- Are you sure?
— Yes. While security threats to home IoT devices have been widely studied over the past few years, TV remotes have not yet received much attention as a potential attack vector — despite being one of the most common devices in the home.
- What do you need for this? Probably to break into the house?
— Why??? The attack does not require physical contact — only a cheap radio frequency transceiver. If we manage to hack it, then using the antenna, we will be able to listen to conversations taking place in the house at a distance of about 2 meters. And if we choose better equipment, then I think this distance can be increased.
— These remotes have over-the-air cameroon whatsapp data updates, and the firmware does not need to be signed for the remote to install it. This means that if we manage to upload our own malicious firmware image to the remote, we can use its microphone to continuously operate and exfiltrate the recorded audio.
Three days passed.
- Chief, I'm at your disposal. The guys from the Drug Enforcement Department will handle the rest themselves.
- Bob, you're great! Thank you very much!
- This is my job.
Fairy tale? Not at all! Guardicore specialists have managed to turn the XR11 voice remote control from Xfinity into a listening device. So be careful!