Comcast home security system can let thieves walk in, researcher says

A cybersecurity researcher finds a flaw in Comcast’s XFINITY Home security system that may be able to allow a home heist right under your nose.

In the movie Ocean’s Eleven (2001), thieves lead by George Clooney build a replica of a casino vault, then switch security cameras to monitor the fake vault while they pilfer money from the real one.

Researchers with Rapid7 say Comcast’s XFINITY Home security system could also give you a false sense of security, as intruders climb in through open windows and doors that appear closed on your system.

Researcher Phil Bosco found that an attacker could jam the radio frequency that wireless sensors use to communicate with the alarm system base. In addition, the research showed, the system would not record the break in communication, and would not send out any sort of alert.

The security system continued to report, “All sensors are intact and all doors are closed. No motion is detected,” according to the Rapid7 research report.

“Someone jams the radio, opens doors or windows, commits a crime, closes the doors and windows and stops jamming the radio, and there’s no record of the jamming even happening,” Rapid7’s Tod Beardsley told Threatpost.

CERT issued a vulnerability notification about the problem.

“When component communications are disrupted, the system does not trigger any alerts and additionally may take from minutes to hours to re-establish communications, during which time no alarm escalation occurs,” advised CERT. “An attacker capable of disrupting wireless communications can avoid triggering Home Security alarm events.”

Wireless worries

One of the selling points of the XFINITY system may also be its downfall, according to cybersecurity experts.

“While the primary advantage of a wireless security system is that sensors can be more easily installed, and placed in otherwise difficult-to-reach locations, these systems have always had a significant drawback: reliability,” an anonymous ex-CIA cybersecurity expert told Archer News.

And it’s not just thieves with jamming devices.

“Wireless security systems, and in particular those that use the crowded 2.4Ghz band, can become unreliable and unstable due to interference from a variety of sources: wifi routers, microwave ovens, fluorescent lighting, baby monitors, remote controls, and even noisy electric power lines,” he explained.

Some experts say wireless security systems, like XFINITY Home, should take that problem into account.

“What is disconcerting here is that there is no provision for reporting a jammed communications channel,” said Patrick Coyle with Chemical Facility Security News. “A prolonged steady state signal at that wavelength is not a normal condition, and I would expect an alarm system to notify someone about the unusual system conditions.”

Comcast response

Rapid7 said it contacted Comcast about the vulnerability on November 2, but did not hear back, according to the disclosure timeline on Rapid7’s site. 

Comcast responded to Threatpost and other news organizations with this statement:

“Our home security system uses the same advanced, industry-standard technology as the nation’s top home security providers. The issue being raised is technology used by all home security systems that use wireless connectivity for door, window and other sensors to communicate.”

“We are reviewing this research and will proactively work with other industry partners and major providers to identify possible solutions that could benefit our customers and the industry.”

Fixing the problem

The CERT advisory said it is not aware of a practical solution to the problem.

Rapid7 said in its report that there are no practical mitigations, but a software/firmware update may be in order for the alarm’s base station.

Cybersecurity experts say you may want to choose a different kind of system for your home.

“The very best—and generally the most reliable—security system is one that uses wires instead of radio signals,” said the ex-CIA cybersecurity expert.

“Many newer homes are ‘pre-wired’ for home alarm systems,” he added. “Before opting for a wireless system, homeowners should be certain to look to see if alarm wiring already exists and use that as a first choice.”

A better system

This vulnerability doesn’t come as a complete surprise, according to The Verge.

“Security researchers have consistently warned of the security implications in connected devices because getting a functioning device to market often precedes security considerations,” The Verge reported. “Beyond providing a satisfying technology experience, developers need to also build in cybersecurity procedures, Beardsley says.”

If the vulnerability is found after the device goes to market, it is not always easy to get a response from the manufacturer.

The researchers involved in the XFINITY Home discovery told Threatpost that they tried to reach Comcast.

“We’ve had no luck,” Beardsley said in the article. “It seems to have fallen on deaf ears. We don’t even known if they have procedures for accepting bug reports.”

One cybersecurity expert says there might be a way to allow researchers to inform companies about the problems without fear of a legal response.

“Mandatory reporting mechanism with ‘litigation protection’ for security researchers seems to gain some traction, but needs to be regulated,” said Andrew Mazurek, a Toronto-based cybersecurity professional.

“We seem to try to protect vendors from security researchers,” he added. “Now we need to protect customers from vendors.”