Researchers Find Comcast Xfinity Home Security Vulnerable to Hacking

A cybersecurity firm reports the system’s radio can be hacked and tricked into reporting that ‘All sensors are intact and all doors are closed. No motion is detected.’

Initiating a failure condition in the 2.4GHz radio frequency band in Comcast’s Xfinity Home security system could allow attackers to open protected doors and windows without triggering alarms, researchers with cybersecurity firm Rapid7 wrote in a blog post Monday.

The security vulnerability stems from the way the system’s sensors communicate with their home base station. Comcast’s system uses the ZigBee protocol but does not maintain the proper checks and balances, allowing a given sensor to go minutes or even hours without checking in, The Verge reports.

The biggest hurdle in exploiting the vulnerability is finding or building a radio jammer; such devices are illegal under federal law. Attackers can also circumvent alarms with a software-based de-authentication attack on the ZigBee protocol itself, although that method requires more expertise, The Verge article explains. Attackers would also need to know a house was using the Xfinity system before attempting to break in, another major hurdle in exploiting the finding.

To prove his findings, Rapid7 researcher Phil Bosco simulated a radio jamming attack on one of his system’s armed window sensors. While jamming the sensor’s signal, he opened a monitored window. The sensor said it was armed, but it failed to detect anything out of the ordinary. Perhaps even more worrisome than the active intrusion itself is that the sensor had no memory of it happening and took anywhere from several minutes to three hours to come back online and reestablish communication with its home base.

The attack plays off a fundamental vulnerability in wireless devices. Anything that relies on wireless communication can be taken offline by a jamming attack. But Rapid7 was surprised by how poorly the Xfinity system responded in the aftermath of such an attack.

“Something designed for [physical] security should anticipate an active attacker because that’s the whole point of it,” Tod Beardsley, security research manager at Rapid7, told The Verge. “The fact that they don’t do that is concerning.”
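The behavior described above comes down to a base station treating a silent sensor as a healthy one. The following sketch is an added example, not Comcast's or Rapid7's code; it contrasts that fail-open logic with a base station that supervises check-ins and logs the gap. The 30-second window, the class and sensor names, and the timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

SUPERVISION_WINDOW_S = 30.0  # assumed check-in deadline, not a vendor value

@dataclass
class Sensor:
    last_seen: float
    is_open: bool = False
    silent: bool = False  # True once a missed check-in has been logged

@dataclass
class BaseStation:
    armed: bool = True
    sensors: dict = field(default_factory=dict)
    log: list = field(default_factory=list)  # (time, sensor, event) tuples

    def check_in(self, name, now, is_open):
        """Record a sensor report; log the gap if the sensor had gone silent."""
        s = self.sensors.setdefault(name, Sensor(last_seen=now))
        if s.silent:
            self.log.append((now, name, f"restored after {now - s.last_seen:.0f}s"))
        s.last_seen, s.is_open, s.silent = now, is_open, False

    def naive_status(self, now):
        """Fail-open: trusts the last report no matter how old it is."""
        opened = any(s.is_open for s in self.sensors.values())
        return "ALARM" if self.armed and opened else "OK"

    def supervised_status(self, now):
        """Fail-closed: a missed check-in is itself a reportable condition."""
        status = "OK"
        for name, s in self.sensors.items():
            if now - s.last_seen > SUPERVISION_WINDOW_S:
                if not s.silent:
                    s.silent = True
                    self.log.append((now, name, "supervision lost"))
                status = "ALARM" if self.armed else "TROUBLE"
            elif s.is_open and self.armed:
                status = "ALARM"
        return status

def demo():
    """Constructed timeline: a window sensor stops reporting for ten minutes."""
    hub = BaseStation(armed=True)
    hub.check_in("window-1", now=0, is_open=False)
    during = (hub.naive_status(600), hub.supervised_status(600))
    hub.check_in("window-1", now=610, is_open=False)
    return during, hub.supervised_status(615), hub.log
```

The naive check keeps reporting "OK" for the whole silent period, while the supervised check raises an alarm and leaves a record of when supervision was lost and restored.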
