Although flaws in the XR11’s cryptography were first publicized in a 2017 talk at the Defcon hacker conference—researcher Logan Lamb, then with Bastille Security Group, showed how they pushed their own update to the remote and said “the reason you can do this is because there’s no crypto involved”—Comcast says it doesn’t believe any customer got hit with this attack.
“Based on our thorough review, which included Guardicore’s research and our own technology environment, we don’t believe this issue was ever used against any Comcast customer,” emailed spokesman David McGuire. “We thank Guardicore for its responsible disclosure of this matter and appreciate the important role that independent security researchers play in our ongoing commitment to keeping our products and customers safe and secure.”
Comcast provides a dedicated channel for researchers to report vulnerabilities and pays rewards for confirmed submissions of flaws as part of a program managed by the security firm Bugcrowd.
About the Author
SIGN UP OUR NEWSLETTER
For get offers from our favorite brands & get 20% off for next