Comcast's Xfinity Home Security System Trivial to Hack

Security researchers at Rapid7 have discovered vulnerabilities in Comcast's Xfinity Home Security system that could allow hackers to trick homeowners into thinking they're protected -- when they're anything but. The system uses a ZigBee-based protocol to communicate over the 2.4 GHz radio frequency band, which can easily be jammed to block communications between the sensor on a door, window or other entry point and the Comcast baseband hub.

"By creating a failure condition in the 2.4 GHz radio frequency band, the Comcast XFINITY Home Security System fails open, with the base station failing to recognize or alert on a communications failure with the component sensors," note the researchers in their summary of the problem.

"In addition, sensors take an inordinate amount of time to re-establish communications with the base station, even if their 'closed' state is switched to 'open' during the failure event," the researchers add.

In some additional comments made to Wired, the researchers note these jammed sensors can remain disconnected from the central hub for up to three hours. Once the sensor does come back online, the system makes no attempt to inform the user there was ever a problem.
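The failure the researchers describe is a missing supervision check: silence from a sensor is treated as "still closed". As an added illustration (not Rapid7's or Comcast's code), the example below shows a hub-side check that alarms on missed check-ins and reports the outage and any state change once the sensor returns. The 120-second window, the class and function names and the event timeline are all assumptions constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Optional

SUPERVISION_WINDOW_S = 120  # assumed: longest silence tolerated before a sensor counts as lost
# Constructed timeline of (time_s, sensor_id, state): regular check-ins, then three hours of silence.
SAMPLE_EVENTS = [(0, "front_door", "closed"), (60, "front_door", "closed"),
                 (120, "front_door", "closed"), (10920, "front_door", "open")]

@dataclass
class Sensor:
    last_seen: float
    state: str = "closed"
    lost_since: Optional[float] = None

@dataclass
class BaseStation:
    sensors: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def on_report(self, now, sensor_id, state):
        """Handle a check-in or state report from a sensor."""
        s = self.sensors.setdefault(sensor_id, Sensor(last_seen=now))
        if s.lost_since is not None:
            # Reconnect after an outage: always tell the user, and flag any state flip.
            gap = now - s.lost_since
            self.alerts.append((now, sensor_id, f"RESTORED after {gap:.0f}s offline"))
            if state != s.state:
                self.alerts.append((now, sensor_id, f"STATE CHANGED while offline: {s.state} -> {state}"))
            s.lost_since = None
        elif state != s.state:
            self.alerts.append((now, sensor_id, f"STATE {state}"))
        s.last_seen, s.state = now, state

    def tick(self, now):
        """Run periodically: silence past the window is an alert, never 'still closed'."""
        for sensor_id, s in self.sensors.items():
            if s.lost_since is None and now - s.last_seen > SUPERVISION_WINDOW_S:
                s.lost_since = s.last_seen
                self.alerts.append((now, sensor_id, "COMMS LOST: zone unverified"))

def replay(events, end, step=30):
    """Replay constructed reports against the hub, ticking every `step` seconds."""
    hub, pending = BaseStation(), sorted(events)
    for now in range(0, end + 1, step):
        while pending and pending[0][0] <= now:
            hub.on_report(*pending.pop(0))
        hub.tick(now)
    return hub.alerts
```

Calling `replay(SAMPLE_EVENTS, 10920)` yields a loss alert shortly after the check-ins stop, then a restore notice and a state-change notice when the sensor reports again.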

Note that Comcastic peace of mind doesn't come cheap -- in addition to $30 and $40 per month options, the service features a very steep early termination fee: $770 for the basic service, and $1100 for the Premier service. You'll also have to pay an activation fee (which Comcast is waiving for new markets) and an installation charge of between $200 and $300.

Researchers say they informed Comcast of the security flaw in its Xfinity home security platform on November 2, but have yet to hear back from the cable giant.

Most recommended from 30 comments



kdwycha
Member
join:2003-01-30
Ruskin, FL

15 recommendations

Lulz.

Utilizing Comcast for home security is like hiring this cat to take care of a rodent problem.

Camelot One
MVM
join:2001-11-21
Bloomington, IN

12 recommendations

This is probably listed in the fine print

I would imagine the fine print on their security system points out that it isn't in any way secure, and shouldn't be relied on. Comcast is already robbing people with their service, why would they care if other people can do the same?

ilikeme
Premium Member
join:2002-08-27
Stafford, TX

7 recommendations

Get a local company that knows what they are doing.

I always have to laugh when Comcast tries to get me to sign up for their pos "security" system. I have a few friends with it and all have had problems with it. I have always thought it looked way too easy to defeat also.

Get a local company that installs hard wired systems with the main panel hidden away somewhere in the house. My Honeywell Vista system is entirely hardwired to all sensors, with every exterior door and window connected, 8 glass break sensors and 4 motion detectors throughout, smoke/heat sensors throughout, and water sensors in the attic drip pans. It is connected to the local monitoring center with an internet communicator connected to my cable internet but also has a simultaneous full-data Verizon cellular backup built in. You can't get a system like this one from Comcrap or AT&T.

silbaco
Premium Member
join:2009-08-03
USA

5 recommendations

Trivial?

I don't know if I would call this trivial. The average thief has no idea what anything in this report means. And for the few that do, they probably wouldn't bother as there are far easier targets unless we are talking about a several million dollar home. In which case you probably shouldn't leave home security to Comcast.

This definitely should be fixed. But I personally wouldn't lose a second of sleep over this.

xsquid
Anon
@madisontelco.com

3 recommendations

Zigbee?

Is this different in some way from other providers who use the same technology? Is Comcast using typical practices here, or is their system somehow more vulnerable than others who offer similar services? How was Comcast singled out?

rendrenner
Member
join:2005-09-03
Grandville, MI

2 recommendations

Only Comcast??

Doesn't this apply to all wireless home security systems that use ZigBee?