This session will explore research into Comcast’s XR11 voice remote and how the WarezTheRemote research project used a man-in-the-middle attack to exploit the remote's RF communication with the set-top box and over-the-air firmware upgrades. By pushing a malicious firmware image back to the remote, attackers could have used the remote to continuously record audio without user interaction.