Skip to main content

Xfinity website bug revealed home addresses and Wi-Fi passwords

This week, ZDNet reported that a Comcast website used to activate Xfinity routers was leaking personal data, including a person's home address, the name of the Wi-Fi network and password. This bug was first uncovered by two researchers, Karan Saini and Ryan Stevenson. Saini and Stevenson found that they only needed a customer ID and house or apartment number (not the full address) in order to force the website to deliver the information. This, in spite of the fact that the form did request a full address. This information can be obtained from a discarded bill, or if an attacker only has the ID, they can guess a house/apartment number. ZDNet was able to confirm that the bug indeed returned home addresses, as well as Wi-Fi username and password information in plain text. For one user they tested who didn't use Xfinity's router, the website returned the home address but not the username or password of the Wi-Fi network (another reason to always use your own router). If this wasn't bad enough, it's possible someone could have used this method to rename a Wi-Fi network or change the password, locking someone out of their own network. Tips to Sell a House Quickly Comcast is aware of the issue and has removed the option from its website. "There's nothing more important than our customers' security," a Comcast spokesperson told ZDNet . "Within hours of learning of this issue, we shut it down. We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn't happen again." Still, considering that the service just introduced its mesh routers last night , the timing of this discovery isn't great. It's good that the company acted quickly, but it doesn't change the fact that this breach of security happened in the first place.
Labels:

Comments

Post a Comment

Popular posts from this blog

Security company in Bellevue vandalized

BELLEVUE, Neb. (KMTV) - An Omaha home security company based out of Bellevue is using its own camera to help track down a thief who stole items from outside their building. Chris Malmberg, the owner of Omaha Security Systems Inc. says an unidentified man stole nearly $300 worth of landscaping Sunday night. "The motion sensors went off and I got a notification on my phone that he was there. We saw him take the plants, we watched him drive away and then immediately contacted police," said Malmberg. "He was real nervous, but he ended up stealing shrubbery, Hosta plants, I mean - never in my life have I ever known somebody to steal landscaping." Malmberg said the plants could be replaced, but what's frustrating is that this is one of several vandalism incidents his business has experienced since OSSI moved into the building near Jefferson and Mission Ave. "We've had vandalism, we've had items stolen, or attempted to be stolen, with the security that we...
Post a Comment
Read more

Study: Majority of U.S. Broadband Households Concerned About Security of IoT Devices

As Internet-connected devices become more ubiquitous, security and privacy concerns of end users are also on the rise. Simply installing security systems in smart homes is no longer enough. Security integrators must also consider bolstering cybersecurity measures when installing their systems. A recently released whitepaper from IoT research firm Parks Associates, titled “Residential Security and Encryption: Setting the Standard, Protecting Consumers,” reveals that 64% of U.S. broadband households are concerned about security and privacy when using their connected devices. Parks Associates also found that the majority of homeowners assume security integrators are addressing their cybersecurity concerns. In fact, a Parks Associates survey of U.S. security owners found 63% of professionally monitored subscribers believe the wireless signals from their system are encrypted, even though encryption is currently not the industry-wide standard. While the whitepaper outlines a few ...
Post a Comment
Read more

Ring Alarm review: A great DIY home security system with the potential to become even better

Ring builds some of our favorite video doorbells and security camera/outdoor lighting mashups. Now the company—recently acquired by Amazon—is moving inside the home with a strong and inexpensive DIY home security system: Ring Alarm. It’s a fantastic product today, and Ring says it will only get better with time. Ring Alarm is positioned as a mainstream home security system, and while you won’t find a great deal of innovation here (there’s nothing like the Nest Detect sensor that comes with the much-more-expensive Nest Secure system , for example), it’s already equipped with everything it needs to grow into a comprehensive smart home system. Ring Alarm doesn’t support smart lighting controls, door locks, thermostats, garage-door openers, or other common smart home products today, and there’s a very short list of supported third-party products. But it lacks nothing needed to support those and similar devices down the road. And in an intervi...
Post a Comment
Read more