Comcast's Xfinity home alarms can be disabled by wireless jammers
And you thought its cable service was bad …
Comcast's wireless home alarm systems can be trivially jammed, rendering them useless and allowing burglars to slip in undetected.
By flooding the airwaves around an Xfinity Home Security System with network deauthentication frames, crooks can prevent intrusion sensors from sending data to the base station in the customer's house or apartment. This means the alarm system is cut off from its sensors, which may have detected a break-in.
As The Reg went to press, the US Department of Homeland Security-sponsored CERT organization issued an alert about the bungled design – adding it is "unaware of a practical solution to this problem."
Rapid7 security researcher Phil Bosco found that by jamming the 2.4GHz ZigBee radio channel used by Comcast's gear, the base station can't communicate with its sensors, and defaults to reporting a "closed" state on doors and windows, even if the sensors detect an "open" state.
In other words, the system assumes everything is OK in the event of a network collapse. The wireless comms can be disrupted using off-the-shelf electronics much in the same way some hotels knackered guests' personal hotspots.
Furthermore, Bosco noted that when the interference is ceased, the sensors can take anywhere "from several minutes to up to three hours" to get back into contact with the base station and report the change from a closed to an open state.
"There are no practical mitigations to this issue," Rapid7 said in its report.
"A software/firmware update appears to be required in order for the base station to determine how much and how long a radio failure condition should be tolerated and how quickly sensors can re-establish communications with the base station."
Rapid7 said it attempted to report the issue to Comcast on November 2, and disclosed the flaw to CERT on November 23.
A spokesperson for US cableco Comcast told The Register: "We are reviewing this research and will proactively work with other industry partners and major providers to identify possible solutions that could benefit our customers and the industry."
We note that while it is true that similar security gear connected by ZigBee and Wi-Fi protocols are also susceptible to this sort of jamming, we hope they detect the interference and at least alert the homeowner. ®
Sponsored: DevOps and continuous delivery