Security researchers at Rapid7 have discovered vulnerabilities in Comcast’s Xfinity Home Security system that could allow hackers to trick homeowners into thinking they're protected -- when they're anything but. The system uses a ZigBee-based protocol to communicate over the 2.4 GHz radio frequency band, which can easily be jammed to block communications between a door, window or other entry point and the Comcast baseband hub.
"By creating a failure condition in the 2.4 GHz radio frequency band, the Comcast XFINITY Home Security System fails open, with the base station failing to recognize or alert on a communications failure with the component sensors," note the researchers in their summary of the problem.
"In addition, sensors take an inordinate amount of time to re-establish communications with the base station, even if their 'closed' state is switched to 'open' during the failure event," the researchers add.
In some additional comments made to Wired, the researchers note these jammed sensors can remain disconnected from the central hub for up to three hours. Once the sensor does come back online, the system makes no attempt to inform the user there was ever a problem.
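The behaviour described above amounts to a hub with no link supervision. As an added illustration (not Comcast's or Rapid7's code), the sketch below shows a hub that treats sensor silence as an alert and records the outage when the sensor returns; the 60-second window, the sensor name and the timeline are assumed, constructed values.

```python
from dataclasses import dataclass
from typing import Optional

SUPERVISION_WINDOW = 60  # assumed: seconds of silence before the hub raises an alert

@dataclass
class Sensor:
    name: str
    last_seen: float
    state: str = "closed"
    lost_since: Optional[float] = None  # set while the link is considered down

class Hub:
    def __init__(self, window: float = SUPERVISION_WINDOW):
        self.window = window
        self.sensors: dict[str, Sensor] = {}
        self.events: list[tuple[float, str, str]] = []  # user-visible log

    def check_in(self, name: str, state: str, now: float) -> None:
        s = self.sensors.setdefault(name, Sensor(name, now, state))
        if s.lost_since is not None:
            # Reconnect: record the outage instead of resuming silently.
            outage = now - s.lost_since
            self.events.append((now, name, f"link restored after {outage:.0f}s outage"))
            s.lost_since = None
        if state != s.state:
            self.events.append((now, name, f"state {s.state} -> {state}"))
        s.state, s.last_seen = state, now

    def tick(self, now: float) -> None:
        # Fail closed: silence past the window is an alert, not "still closed".
        for s in self.sensors.values():
            if s.lost_since is None and now - s.last_seen > self.window:
                s.lost_since = s.last_seen
                self.events.append((now, s.name, "ALERT: link lost, zone unmonitored"))

    def status(self) -> str:
        down = any(s.lost_since is not None for s in self.sensors.values())
        return "TROUBLE" if down else "SECURE"

def simulate():
    """Constructed timeline: check-ins every 30 s, then three hours of silence."""
    hub = Hub()
    for t in (0, 30, 60, 90):
        hub.check_in("front-door", "closed", t)
    for t in range(120, 10890, 30):  # the hub's clock keeps running during the silence
        hub.tick(t)
    during = hub.status()
    hub.check_in("front-door", "open", 10890)  # sensor returns; door opened meanwhile
    return hub.events, during, hub.status()
```
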
Note that Comcastic peace of mind doesn't come cheap -- in addition to $30 and $40 per month options, the service features a very steep early termination fee: $770 for the basic service, and $1100 for the Premier service. You'll also have to pay an activation fee (which Comcast is waiving for new markets) and an installation charge of between $200 and $300.
Researchers say they informed Comcast of the security flaw in its Xfinity home security platform on November 2, but have yet to hear back from the cable giant.