Bad news for users of the Xfinity home security system: It can keep reporting doors and windows as locked after an intruder has bypassed them, and it can miss an intruder’s movements, says an article on wired.com.
The intruder circumvents the system by using a radio jammer to block the 2.4 GHz radio frequency band that the alarm system uses. The system won’t detect this as an anomaly, “thinking” that the doors and windows are still locked.
It gets worse. Suppose the thief ends the jamming and leaves with his loot. Then a second, unrelated intruder breaks in. He may go undetected, with no alarms going off and no remote alerts sent to the homeowner, because it may take the system’s sensors up to three hours to return to a functioning mode.
An Xfinity sign that’s on the property is a welcome mat to thieves who know how to circumvent the system. And the homeowner will never know anything happened until they return and see the place was ransacked. A surveillance camera, of course, will show the intrusion, unless the camera uses the same radio frequency band as the system and was hence also jammed.
Radio jamming equipment can be constructed by anyone with half a brain about electronics.
Why can’t this system detect that anything went awry? And why does it take up to three hours for the sensors to regroup? Sounds like a lot of stuff is wrong with this system.
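What detecting the silence could look like on the hub side, as an added example (not Comcast's code and not from the wired.com article): the naive hub reports the last state it heard, while the supervised hub marks a sensor "unknown" once its check-ins stop. The periodic check-in, the 120-second window, the sensor names and the alert strings are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: each sensor sends a periodic check-in; 120 s is a made-up window.
SUPERVISION_WINDOW_S = 120

@dataclass
class Sensor:
    name: str
    last_state: str   # "closed" or "open", from the last message received
    last_seen: float  # seconds, time of the last message received

def naive_status(sensor: Sensor, now: float) -> str:
    """Fail-open: silence is read as 'nothing changed'."""
    return sensor.last_state

def supervised_status(sensor: Sensor, now: float) -> str:
    """Fail-secure: a sensor that has gone quiet is 'unknown', never 'closed'."""
    if now - sensor.last_seen > SUPERVISION_WINDOW_S:
        return "unknown"
    return sensor.last_state

def alerts(sensors: list[Sensor], now: float) -> list[str]:
    """Alerts the hub should raise at time `now`."""
    silent = [s.name for s in sensors if supervised_status(s, now) == "unknown"]
    out = [f"SUPERVISION_LOSS:{name}" for name in silent]
    # Every sensor going quiet together points at the shared radio band,
    # not at one dead battery.
    if len(sensors) > 1 and len(silent) == len(sensors):
        out.append("POSSIBLE_RF_INTERFERENCE")
    return out

def constructed_sensors() -> list[Sensor]:
    """Constructed sample: all three sensors last checked in at t=0."""
    return [Sensor("front_door", "closed", 0.0),
            Sensor("back_window", "closed", 0.0),
            Sensor("garage_door", "closed", 0.0)]

if __name__ == "__main__":
    sensors = constructed_sensors()
    now = 300.0  # five minutes with nothing heard on the band
    for s in sensors:
        print(s.name, naive_status(s, now), supervised_status(s, now))
    print(alerts(sensors, now))
```

A sensor stays "unknown" until a fresh message from it arrives, so stale "closed" readings are never shown to the homeowner while the sensors are still recovering.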
It’s not known whether Comcast plans on remedying these flaws. Rapid7 security researchers contacted Comcast but have not received a reply, continues the wired.com article. Comcast has also ignored contact from WIRED and from CERT, a cybersecurity research entity.
Interestingly, once the wired.com article was posted, Comcast spokesperson Charlie Douglas issued a statement implying that these flaws exist in any home security system. However, it has not been confirmed that these flaws are inherent in wireless home security systems in general.
So will Comcast patch up the flaw? Douglas’s response to WIRED was rather evasive, again stating that it was an “industry issue,” and that he’s not sure that a “simple patch” is even the solution.