|reply to telcodad |
Re: [Bill] Comcast billing issue on the Consumerist site
OK, some more details on this case from the source article:
Bamboozled: Seeing red over blue-movie fees
The Star-Ledger of NJ, NJ.com - April 2, 2012
An excerpt (which seems to dismiss a lot of my possible explanations):
"Before taking on Hart's case, we had a host of questions about who has access to her home.
"I am the housekeeper, accountant and chef," she said. "I have no one that comes in."
She has no kids. No family members who come and go. She's not having construction at the home, so workers aren't in and out. Her boyfriend of nine years does have access, but he works a full-time job including times when movies were ordered.
Upon our request, Hart gave us copies of telephone records and datebooks so we could compare Harts and her boyfriends locations during the times of the porn charges.
It seems there were plenty of times that Hart has evidence that no one was home, or that her boyfriend was working, when movies were ordered.
For example, there were unauthorized charges on Jan. 21 from 12:30 to 9:30 p.m. Cell phone records, datebook records and receipts show that on Jan. 21, Hart was at a 1:45 doctors appointment and her boyfriend was at his job, 45 minutes away, from 9 a.m. until 8:14 p.m.
We looked at many other dates, too.
If the skeptics among you think it has to be the boyfriend, consider this: If hes been with Hart for nine years, why suddenly order porn for the first time? And even if it was him, after Hart discovered the January charges, why continue to order month after month?
Also, its customary for service providers to give customers a credit the first time an unexpected or possibly unauthorized charge appears on a bill. But if Comcasts investigation determined the orders originated in the house, why credit Hart a second time?
We looked online for similar complaints and found many. Customers said they even unhooked their boxes for an entire month, but the porn charges continued to appear.
We took these questions to Comcast, and while it investigated, we talked to a few experts to see if it was technically possible for someone to hack into another customers digital system.
For starters, a simple Google search finds all kinds of ways to allegedly hack into cable boxes, but were not techies at heart. We asked the experts.
David Maloney, a security researcher at Rapid7, a security assessment company, said its hard to give a definitive answer without knowing the specs of Comcasts system in that area.
Still, while Comcast said it identified which set-top box placed the orders, Maloney said thats not a foolproof system.
"STBs are usually identified simply by the MAC (Media Access Control) address, which is easily spoofed," Maloney said.
He said spoofing a MAC address hides the actual hardware address, making it look like orders are coming from a different device.
Additionally, he said, many models of set-top boxes can be modified with new operating systems, giving attackers access.
He said companies often make the mistake of believing their STBs are known quantities and they fail to account for the possibility of them being modified.
"This can result in basic safeguards being neglected due to the mistaken assumption that an attacker could never get on that network," he said.
Maloney also said if a malicious user was able to spoof a request from an STB so it appeared that a request was coming from another STB, it would theoretically be possible to purchase programming and charge it to someone else.
Tech analyst Jeff Kagan also said a hack is possible. He said hes heard these complaints for years, and not just about Comcast, but about all cable providers.
"It may be just like hackers on your computer. They can hack into networks at various points and they can take service," Kagan said. "(Cable companies) dont talk about it because they dont want everyone to know there is a problem.""