dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
29

Floppy
join:2002-07-03

Floppy to telcodad

Member

to telcodad

Re: [Bill] Comcast billing issue on the Consumerist site

Funny that little excerpt omits some other details:

Excerpt included:

"Comcast said that though the orders appeared to have been placed via the customer's set-top box in her bedroom — which she promptly swapped out — it would credit her the $280. They also walked her through the process of setting up a PIN for ordering purposes so that no random ghost could order hours of hardcore on her account. But then, not even a month later, another attempt to watch something without vast amounts of naked flesh was thwarted because someone had ordered hundreds of dollars more in porn on her account.Either I'm here or I'm at the doctor's office," said the woman, who lives alone, "unless it's my cat who has an addiction to porn after I'm asleep at night."

But doesn't include:

"Once again, Comcast gave her the benefit of a doubt and issued a credit for $550.59.Three new boxes were installed and the customer set up PINs on each of them. And then she gets the bill for $423.65 worth of new PPV porn.This time, Comcast was not so understanding and refused to issue a credit."

Everyone always says i don't order porn or my family doesn't. Bottom line orders were confirmed on 4 different boxes. Customer was educated by setting up a PIN code to prevent unauthorized purchases and miraculously porn was still ordered. She may might not have ordered porn however someone who has access to her home did.

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

AVD

Premium Member

should be a way to block it at the central office...
yhp
join:2006-12-27
Philadelphia, PA

yhp

Member

said by AVD:

should be a way to block it at the central office...

They're clearly able to block PPV orders when a customer exceeds a maximum amount of billed $$ -- that's how she became aware of the problem each time it came up.

She's apparently not willing to block PPV entirely until this is sorted out, which is regrettable, since Comcast obstinately persists in allowing porn to be ordered to her last dime. She's only going to contest these things, but if she loses, she'll wish she had 86'ed PPV and signed up with netflix.

telcodad
MVM
join:2011-09-16
Lincroft, NJ

1 recommendation

telcodad to Floppy

MVM

to Floppy
I really don't think that the woman is ordering the PPV herself.

If Comcast has verified that it is coming from one of her current boxes (and not from one of those old ones she originally swapped out), then here are some possibilities:

"One expert tells Bamboozled it wouldn't be all that difficult for a clever hacker to make it look like their massive porn purchases are being ordered through someone else's set-top box." A "cloned" box?

"... and her boyfriend was at his job, 45 minutes away, from 9 a.m. until 8:14 p.m." Could the boyfriend have stopped back at the apartment during that time?

Could one of their friends or a relative, the super, maintenance man or someone else that could have access to the apartment, be doing this?

One way to eliminate these last two possibilities would be to use a stealth "nanny cam" to record any unattended activity near that cable box. Who knows what it might catch - maybe it is the cat!

tshirt
Premium Member
join:2004-07-11
Snohomish, WA

tshirt

Premium Member

said by telcodad:

....would be to use a stealth "nanny cam" to record any unattended activity near that cable box....

yet when the same technology is even hinted at for POSSIBLE home security, advertizing, or motion sensing (a la Kinnect) it is immedietly derided as " invasive, spying", or other such terms.
perhaps a password, along with the understanding that giving the password to ANYONE, is like giving them your credit card would be better.

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

AVD

Premium Member

they set up a pin for her, and there is still activity...

telcodad
MVM
join:2011-09-16
Lincroft, NJ

telcodad

MVM

OK, some more details on this case from the source article:

Bamboozled: Seeing red over blue-movie fees
The Star-Ledger of NJ, NJ.com - April 2, 2012
»www.nj.com/business/inde ··· 169.html

An excerpt (which seems to dismiss a lot of my possible explanations):

"Before taking on Hart's case, we had a host of questions about who has access to her home.

"I am the housekeeper, accountant and chef," she said. "I have no one that comes in."

She has no kids. No family members who come and go. She's not having construction at the home, so workers aren't in and out. Her boyfriend of nine years does have access, but he works a full-time job — including times when movies were ordered.

Upon our request, Hart gave us copies of telephone records and datebooks so we could compare Hart’s and her boyfriend’s locations during the times of the porn charges.

It seems there were plenty of times that Hart has evidence that no one was home, or that her boyfriend was working, when movies were ordered.

For example, there were unauthorized charges on Jan. 21 from 12:30 to 9:30 p.m. Cell phone records, datebook records and receipts show that on Jan. 21, Hart was at a 1:45 doctor’s appointment and her boyfriend was at his job, 45 minutes away, from 9 a.m. until 8:14 p.m.

We looked at many other dates, too.

If the skeptics among you think it has to be the boyfriend, consider this: If he’s been with Hart for nine years, why suddenly order porn for the first time? And even if it was him, after Hart discovered the January charges, why continue to order month after month?

Also, it’s customary for service providers to give customers a credit the first time an unexpected or possibly unauthorized charge appears on a bill. But if Comcast’s investigation determined the orders originated in the house, why credit Hart a second time?

We looked online for similar complaints and found many. Customers said they even unhooked their boxes for an entire month, but the porn charges continued to appear.

We took these questions to Comcast, and while it investigated, we talked to a few experts to see if it was technically possible for someone to hack into another customer’s digital system.

For starters, a simple Google search finds all kinds of ways to allegedly hack into cable boxes, but we’re not techies at heart. We asked the experts.

David Maloney, a security researcher at Rapid7, a security assessment company, said it’s hard to give a definitive answer without knowing the specs of Comcast’s system in that area.

Still, while Comcast said it identified which set-top box placed the orders, Maloney said that’s not a foolproof system.

"STBs are usually identified simply by the MAC (Media Access Control) address, which is easily spoofed," Maloney said.

He said spoofing a MAC address hides the actual hardware address, making it look like orders are coming from a different device.

Additionally, he said, many models of set-top boxes can be modified with new operating systems, giving attackers access.

He said companies often make the mistake of believing their STBs are known quantities and they fail to account for the possibility of them being modified.

"This can result in basic safeguards being neglected due to the mistaken assumption that an attacker could never get on that network," he said.

Maloney also said if a malicious user was able to spoof a request from an STB so it appeared that a request was coming from another STB, it would theoretically be possible to purchase programming and charge it to someone else.

Tech analyst Jeff Kagan also said a hack is possible. He said he’s heard these complaints for years, and not just about Comcast, but about all cable providers.

"It may be just like hackers on your computer. They can hack into networks at various points and they can take service," Kagan said. "(Cable companies) don’t talk about it because they don’t want everyone to know there is a problem.""
yhp
join:2006-12-27
Philadelphia, PA

yhp

Member

Bamboozled: Seeing red over blue-movie fees
The Star-Ledger of NJ, NJ.com - April 2, 2012

Ah, so she has finally blocked all Comcast PPV. Good for her.

Next stop, netflix!