Comcast's Xfinity Home Security Flaw Leaves Doors Open

itwbennett writes: Researchers at Rapid7 have disclosed vulnerabilities in Comcast's Xfinity Home Security offerings that prevent the system from alerting homeowners to unsecured doors or windows and would also fail to sense an intruder's motion in the home. The root cause of the problem can be found in the ZigBee-based protocol used by Comcast's system to operate over the 2.4 GHz frequency band. Rapid7's Phil Bosco discovered that the Xfinity Home Security system does not fail closed with an assumption of an attack if radio communications are disrupted. Instead, the system fails open, reporting that all sensors are intact, doors are closed, and no motion is detected.

Re:You get what you deserve for using comcast.

[macs4all]

I would imagine that since it operates in the 2.4 spectrum that there are many situations where radio communication is interrupted and would thus trigger an alarm. More then likely this would happen several times a day, making the alarm useless as people would then not actually think there was an issue but just the system acting up again. So Comcast in their infinite wisdom probably "fixed" the issue by not having it set off the alarm.

Good point about the 2.4 GHz "pollution" problem, and the fact that the system could NOT be designed to interpret simple loss-of-signal as an intrusion. In fact, the whole idea of wireless sensors in this particular application (at 2.4 GHz, at least) is a mighty dubious one, for this VERY reason.