Israeli cyber researchers: A serious security breach that reveals what is happening inside homes in the US
Posted on Oct 13, 2020 by Ifi Reporter
A serious security breach that created an opening for eavesdropping on what is happening inside homes in the United States has been revealed by investigators from the Israeli company Guardicore.
The breach was discovered in equipment from Comcast, the largest cable and communications company in the United States, which is installed in over 18 million households across the United States as well as in the offices of organizations and companies. In terms of exposed devices, it is the largest of its kind.
Comcast's system includes a remote control that receives voice commands for the TV. The security vulnerability made it possible to activate it remotely and listen to what was going on wherever it was installed, in the living room, bedrooms or children's rooms, without the family members noticing.
Comcast's TV remotes have been programmed to check once every 24 hours whether an update is available in the company's systems. This interval created a loophole that let attackers infiltrate the remote with malware that turned it into a remotely controlled recording device, able to hear and record anyone speaking even several meters away from it.
Guardicore researchers reported the breach to Comcast and worked with the company to fix it, preventing serious invasion of users' privacy, exposure of sensitive personal and family information to strangers, and eavesdropping on the offices of companies and organizations where the system was installed. An update closing the loophole was sent to all users.
Smart TVs and many cable and satellite companies in Israel and abroad provide their customers with voice control. Guardicore's cyber researchers recommend that all companies conduct rigorous simulations to see if their devices are exposed to eavesdropping.
Ofri Ziv, Vice President of Research and Laboratories at Guardicore, explains the process that led to the exposure: "The converters aroused our interest due to the fact that they are directly connected to the server providers' server farms. In the microphone, which immediately makes it an attractive attacking target due to the ability to listen through it. In addition, the remote in question supports RF technology, unlike traditional infrared remotes, meaning it can be communicated with from a long distance and even through walls. For this to a company that responded quickly and professionally and released software updates that fix the various bugs we reported to both the remote and the converter, and also installed them on the end devices using a remote update mechanism that they have."
Guardicore, founded by Dror Selai, Pavel Gurevich and Ariel Zeitlin, develops comprehensive protection software for enterprise cloud systems and internal servers that operates successfully in hundreds of companies in the fields of finance, e-commerce and technology and in educational organizations. The company raised $110 million and employs 200 people in Israel, the United States, Canada, Brazil, India, Mexico, Western Europe and Ukraine.