Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Comcast's Xfinity home alarms can be disabled by wireless jammers

And you thought its cable service was bad …

Comcast's wireless home alarm systems can be trivially jammed, rendering them useless and allowing burglars to slip in undetected.

By flooding the airwaves around an Xfinity Home Security System with network deauthentication frames, crooks can prevent intrusion sensors from sending data to the base station in the customer's house or apartment. This means the alarm system is cut off from its sensors, which may have detected a break-in.

As The Reg went to press, the US Department of Homeland Security-sponsored CERT organization issued an alert about the bungled design – adding it is "unaware of a practical solution to this problem."

Rapid7 security researcher Phil Bosco found that by jamming the 2.4GHz ZigBee radio channel used by Comcast's gear, the base station can't communicate with its sensors, and defaults to reporting a "closed" state on doors and windows, even if the sensors detect an "open" state.

In other words, the system assumes everything is OK in the event of a network collapse. The wireless comms can be disrupted using off-the-shelf electronics much in the same way some hotels knackered guests' personal hotspots.

Furthermore, Bosco noted that when the interference is ceased, the sensors can take anywhere "from several minutes to up to three hours" to get back into contact with the base station and report the change from a closed to an open state.

"There are no practical mitigations to this issue," Rapid7 said in its report.

"A software/firmware update appears to be required in order for the base station to determine how much and how long a radio failure condition should be tolerated and how quickly sensors can re-establish communications with the base station."

Rapid7 said it attempted to report the issue to Comcast on November 2, and disclosed the flaw to CERT on November 23.

A spokesperson for US cableco Comcast told The Register: "We are reviewing this research and will proactively work with other industry partners and major providers to identify possible solutions that could benefit our customers and the industry."

We note that while it is true that similar security gear connected by ZigBee and Wi-Fi protocols are also susceptible to this sort of jamming, we hope they detect the interference and at least alert the homeowner. ®

 

Similar topics

Similar topics

Similar topics

TIP US OFF

Send us news


Other stories you might like