A vulnerability in Comcast’s Xfinity Home Security system could allow thieves to break into homes without triggering the alarm, researchers have warned.
Xfinity Home Security relies on battery-powered sensors to detect an intruder. The sensors communicate with a base station via the wireless communication protocol ZigBee over the 2.4 GHz radio band. The system is also capable of sending alerts via text or email to the user.
According to security firm Rapid7, Xfinity Home Security is plagued by a vulnerability that can be exploited by an attacker to trick the system that all windows and doors are closed and no motion is detected.
The flaw was discovered by Rapid7 researcher Phil Bosco in late September. The security firm attempted to contact Comcast to report the vulnerability, but for the time being there doesn’t appear to be a fix for the issue.
The problem with the Xfinity product is that if a failure condition is caused in the radio frequency band, the system fails open and assumes that all sensors are intact and all doors are closed, instead of failing closed and assuming that someone might be trying to break in.
Once the connection between the base station and the sensors is lost, it takes between several minutes and three hours to re-establish communications. However, no matter for how long the radio failure lasts, an alert is not triggered.
“To demonstrate the issue, [Phil Bosco] placed a paired window/door sensor in tin foil shielding while the system is in an ARMED state. While armed, the researcher removed the magnet from the sensor, simulating a radio jamming attack and opening the monitored door or window,” Rapid7 security research manager Tod Beardsley explained in a blog post.
“Once the magnet is removed from the sensor, the sensor was unwrapped and placed within a few inches from the base station hub that controls the alarm system. The system continued to report that it is in ARMED state,” Beardsley added.
Rapid7 has pointed out that there are several methods that can be used to disrupt communications between the sensors and the base station. The list includes the use of radio jamming equipment, which is widely available, and a software-based deauthentication attack targeting the ZigBee protocol.
Researchers believe there are no mitigations for the vulnerability since a software or firmware update is required to specify how radio failure should be handled.
CERT has also published an advisory describing the Xfinity vulnerability. The agency, which reported the issue to Comcast on November 24, also said it’s unaware of a practical solution to the problem.
“Our home security system uses the same advanced, industry-standard technology as the nation’s top home security providers. The issue being raised is technology used by all home security systems that use wireless connectivity for door, window and other sensors to communicate,” Comcast told SecurityWeek. “We are reviewing this research and will proactively work with other industry partners and major providers to identify possible solutions that could benefit our customers and the industry.”
Vulnerabilities in Other Security Systems
This is not the first time a security system has been analyzed by experts. In late December, security researcher Luca Lo Castro reported finding some security issues in a grade 3 security system from UK-based Texecom. The expert discovered that communications between the product’s ComIP module and the mobile app that allows users to control the system are not encrypted, allowing an attacker with access to the network to compromise the system.
The vendor confirmed the existence of the issue, but argued that its self-monitoring products are reliant on the local network being secure.
In November, researchers with UK-based security consultancy Cybergibbons analyzed an alarm system from France-based RSI Video Technologies. Experts uncovered a series of vulnerabilities that can be exploited by malicious actors to remotely spoof alarms and intercept data, including videos recorded by the system.
*Updated with statement from Comcast