XFinity Smart Home Flaws Could Enable Burglars

A vulnerability in Comcast's XFinity Home security system could allow burglars to disable door and window alarms with radio jamming attacks.
A vulnerability in Comcast’s XFinity Home security system could allow burglars to disable door and window alarms with radio jamming attacks.

A security flaw in smart home technology sold by Comcast could allow would-be burglars to disable door and window alarms using radio-jamming attacks, according to research from the firm Rapid7. 

A security flaw in smart home technology sold by Comcast could allow would-be burglars to disable door and window alarms using radio-jamming attacks, according to research from the firm Rapid7. 

Rapid7’s Tod Beardsley said in a blog post that a researcher working for the firm, Phillip Bosco, discovered a “failure condition” in the Xfinity Home security system. According to Bosco, in the security system is vulnerable to radio “jamming” attacks that would allow attackers to spring locked doors and windows without triggering an alert. The story was first reported by Wired

The Xfinity Home system is a radio-based system that operates within the 2.4 GHz radio frequency band and communicates using the ZigBee communications protocol. Bosco found that the system, under attack by radio jamming equipment, does not “fail closed” – alerting the system operator that it is under attack. Rather, the system “fails open,” indicating that sensors are in-tact and no motion is detected, even when that is not the case.

Sensors could be knocked offline for an indeterminate period of time without triggering an alert from the XFinity Home system. Similarly, even after attacks subside, XFinity Home sensors take “a significant amount of time” to reconnect with the XFinity Home hub.

Bosco, the Rapid7 researcher, demonstrated the vulnerability using a manual attack: wrapping the XFinity sensor in tinfoil to block its signal before removing a paired magnet from the sensor, to simulate a door or window opening. The sensor was then unwrapped and placed near the XFinity base station hub that controls the alarm system.

According to Beardsley, the system continued to register that it was ARMED.

Inexpensive radio jamming equipment that can be purchased online or built from scratch could be used to blind the sensor. Also, attackers might use software-based attacks on the ZigBee protocol itself, Rapid7 warned.

The announcement comes on the eve of the Consumer Electronics Show in Las Vegas, where Comcast is promoting its national network infrastructure, including home-based wifi hotspots, as a foundation on which connected devices can communicate.

As it stands, there is no workaround for the sensor problem, though Rapid7 said that Comcast could address the issue with a software patch to its XFinity Home hubs, but it is unclear when or if such a patch will be made available. In an e-mail response to The Security Ledger, Comcast spokesman Charlie Douglas said that the company was reviewing the Rapid7 research and will “proactively work with other industry partners and major providers to identify possible solutions that could benefit our customers and the industry.”

[Read Security Ledger coverage of connected home technology here.]

There is some dispute about the timing of the disclosure. Rapid7 claims that it provided Comcast with details of its research on November 2 and gave Comcast sixty days to respond. The company did not reply, however.

XFinity sensors rely on magnets to detect when doors and windows are opened, or closed.
XFinity sensors rely on magnets to detect when doors and windows are opened, or closed.

Rapid7 also informed Carnegie Mellon’s CERT computer emergency response team. A CERT analyst, Art Manion, was also quoted by Wired saying that it reached out to Comcast in late November and early December, but got no response.

In his e-mail Douglas of Verizon stuck to earlier assertions that the problems identified by Rapid7 aren’t unique to XFinity Home.

The company’s home security system “uses the same advanced, industry-standard technology as the nation’s top home security providers,” he wrote. “The issue being raised is technology used by all home security systems that use wireless connectivity for door, window and other sensors to communicate.”

This isn’t the first time researchers have found vulnerabilities in a new generation of home automation solutions that leverage small, inexpensive sensors, home wi-fi Internet connectivity and wireless protocols like Zigbee.

In February, 2014, the security firm IOActive reported a number of serious security holes in home automation products from the firm Belkin that could allow remote attackers to use Belkin’s WeMo devices to virtually vandalize connected homes or as a stepping stone to other computers connected on a home network.

Spread the word!

Comments are closed.