Slashdot Mirror


Comcast's Xfinity Home Security Flaw Leaves Doors Open (rapid7.com)

itwbennett writes: Researchers at Rapid7 have disclosed vulnerabilities in Comcast's Xfinity Home Security offerings that prevent the system from alerting homeowners to unsecured doors or windows and would also fail to sense an intruder's motion in the home. The root cause of the problem can be found in the ZigBee-based protocol used by Comcast's system to operate over the 2.4 GHz frequency band. Rapid7's Phil Bosco discovered that the Xfinity Home Security system does not fail closed with an assumption of an attack if radio communications are disrupted. Instead, the system fails open, reporting that all sensors are intact, doors are closed, and no motion is detected.

2 of 119 comments

  1. Re:You get what you deserve for using comcast. by macs4all · Score: 3, Insightful

    I would imagine that since it operates in the 2.4 spectrum that there are many situations where radio communication is interrupted and would thus trigger an alarm. More than likely this would happen several times a day, making the alarm useless as people would then not actually think there was an issue but just the system acting up again. So Comcast in their infinite wisdom probably "fixed" the issue by not having it set off the alarm.

    Good point about the 2.4 GHz "pollution" problem, and the fact that the system could NOT be designed to interpret simple loss-of-signal as an intrusion. In fact, the whole idea of wireless sensors in this particular application (at 2.4 GHz, at least) is a mighty dubious one, for this VERY reason.

  2. Re:You get what you deserve for using comcast. by silas_moeckel · Score: 4, Interesting

    It depends on how long of a loss of signal, a few ms sure, a few seconds sure, get to 30 seconds and well you have a problem. And that's assuming that it's a missed poll. Polling battery-powered devices is a battery trade-off. Mind you, the ZigBee wireless is a hell of a lot more secure than what ADT is putting in for wireless. Think remotes that can disarm the system without even a rolling key, aka 1980's garage door opener.

    --
    No sir I don't like it.
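
The fail-open versus fail-closed distinction from the summary, combined with the loss-of-signal threshold raised in the second comment, as an added example that is not part of the original story or comments and is not Comcast's or Rapid7's code. The sensor names, the 5-second grace period and all function names are assumptions; the 30-second window is the figure from the comment.

```python
from dataclasses import dataclass
from enum import Enum

class Status(Enum):
    OK = "ok"              # recent check-in, last reported state is trusted
    DEGRADED = "degraded"  # short gap, tolerated as 2.4 GHz interference
    TROUBLE = "trouble"    # supervision window exceeded, state is unknown

# Assumed thresholds: a few seconds of silence is tolerated,
# 30 seconds (the figure from the comment) is treated as a fault.
GRACE_S = 5.0
SUPERVISION_S = 30.0

@dataclass
class Sensor:
    name: str
    last_seen: float   # hub clock time of the last check-in received
    last_state: str    # "closed" or "open", as last reported by the sensor

def fail_open_view(sensor, now):
    """Behaviour described in the summary: elapsed time is ignored, so a
    silent sensor keeps showing whatever it last reported."""
    return sensor.last_state

def supervised_view(sensor, now, armed):
    """Fail-closed: the last state is trusted only while check-ins arrive."""
    gap = now - sensor.last_seen
    if gap < GRACE_S:
        return (Status.OK, sensor.last_state)
    if gap < SUPERVISION_S:
        return (Status.DEGRADED, sensor.last_state)
    # Past the window the hub no longer knows the door state. When armed,
    # escalate like a tamper event instead of displaying "closed".
    return (Status.TROUBLE, "alarm" if armed else "unknown")

def evaluate(sensors, now, armed=True):
    return {s.name: supervised_view(s, now, armed) for s in sensors}

# Constructed sample: front door last heard 45 s ago, window 1 s ago.
SENSORS = [Sensor("front_door", 100.0, "closed"),
           Sensor("window", 144.0, "closed")]

if __name__ == "__main__":
    for name, (status, state) in evaluate(SENSORS, now=145.0).items():
        print(name, status.value, state, "| fail-open shows:",
              fail_open_view(SENSORS[0], 145.0))
```

The intermediate DEGRADED state is what keeps short interference bursts from raising alarms, which is the false-alarm concern voiced in the first comment.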