Hacker Makes Comcast's Smart Home Security Look Dumb

Savvy burglars know many door and window alarms can be disabled with magnets. Housebreakers may now want to add tinfoil and a radio-frequency jammer to their toolboxes, as either of these items can apparently defeat Comcast's XFINITY Home wireless security systems.

A promotional image from the XFINITY Home website. Credit: Comcast


XFINITY Home's door-and-window sensors contain transmitters that use the low-power ZigBee wireless protocol to maintain contact with the XFINITY Home control hub. A researcher from Boston security firm Rapid 7 found that when the sensors lose contact with the hub, the system "fails open" by not reporting anything wrong.

"The security system continues to report that 'All sensors are intact and all doors are closed. No motion is detected,'" wrote Rapid 7's Tod Beardsley on the company blog yesterday (Jan. 5).


It wasn't Beardsley, but his colleague Phil Bosco, who discovered that if he wrapped an XFINITY Home door-and-window sensor in tinfoil, then separated the sensor's two halves, the XFINITY Home hub wouldn't notice — even if the system had been armed the entire time.

(Door-and-window sensors are pretty simple. There are two pieces, one containing a magnet and the other metal, or another magnet. When a door or window opens, the pieces separate and an alarm goes off if the system is armed. XFINITY Home and many other wireless home-security systems add radio transmitters to the active half of the sensors.)

Just to make sure, Bosco then brought the separated sensor over to the XFINITY Home hub and unwrapped the tinfoil, permitting the hub and sensor to try to re-establish wireless contact a few inches apart. Nothing happened, at least not right away.

According to Beardsley, it took the system "from several minutes to up to three hours" to notice that the transmitter-equipped part of the door-and-window sensor had been separated from its other half. Several minutes would let a skilled team of burglars go through a house, provided the homeowner hadn't sprung for the more expensive of the two XFINITY Home packages, which includes motion-sensing cameras.

It might be tricky to open a window while simultaneously and successfully slipping tinfoil, or a Faraday bag of the sort that computer components ship in, over a sensor to prevent it from transmitting back to its hub.

It's easier to instead use a portable radio-frequency jammer to block the wireless signal. (The jammer might also work on the motion-sensitive cameras, but Rapid 7 didn't test those.) Jammers are illegal in the United States, but can be built at home from instructions found online. Beardsley's blog posting linked to a site that showed how to build a jammer that fits into a cigarette pack.

Beardsley wrote that Rapid 7 had discovered the issue in late September and notified Comcast in early November, but never received a reply from the company. After two months of waiting, Rapid 7 went public with the disclosure, which was accompanied by a warning to consumers from the Computer Emergency Response Team at Carnegie Mellon University, sponsored by the U.S. Department of Homeland Security.

In a statement issued to media outlets, Comcast said it was looking into the problem, but defended its XFINITY Home security system as, well, no less secure than many others.

"Our home security system uses the same advanced, industry-standard technology as the nation's top home security providers," the statement said. "The issue being raised is technology used by all home security systems that use wireless connectivity for door, window and other sensors to communicate. We are reviewing this research and will proactively work with other industry partners and major providers to identify possible solutions that could benefit our customers and the industry."

Comcast does have a point — all wireless home security systems are susceptible to radio jamming. But some systems "fail closed" and sound an alarm if communications are cut off. XFINITY Home doesn't seem to, and the fact that the system takes so long to notice anything wrong even after signals are regained indicates that there may be a deeper software-implementation issue involved.

So what should users of XFINITY Home security systems do? They'll just have to wait for a software update.

"There are no practical mitigations to this issue," Beardsley wrote. "A software/firmware update appears to be required in order for the base station to determine how much and how long a radio failure condition should be tolerated and how quickly sensors can re-establish communications with the base station."
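The difference between failing open and failing closed, and the tolerance window Beardsley says the base station needs, can be sketched as hub-side supervision logic. This is an added example, not code from Comcast, Rapid 7 or the original article; the 30-second window, the function names and the event strings are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed policy value for illustration; not taken from any vendor's firmware.
SUPERVISION_WINDOW_S = 30   # longest radio silence tolerated before a sensor is "lost"

@dataclass
class Sensor:
    name: str
    last_seen: float      # time of the last check-in the hub received
    last_state: str       # "closed" or "open", as last reported by the sensor

def fail_open_status(sensor, now):
    """Models the reported behaviour: silence is ignored, the last state is trusted."""
    return sensor.last_state

def fail_closed_status(sensor, now, window=SUPERVISION_WINDOW_S):
    """Supervised behaviour: a sensor silent for longer than the window is 'lost'."""
    if now - sensor.last_seen > window:
        return "lost"
    return sensor.last_state

def evaluate(sensors, now, armed, status_fn):
    """Return (sensor name, event) pairs the hub should raise at time `now`."""
    events = []
    for s in sensors:
        status = status_fn(s, now)
        if status == "open" and armed:
            events.append((s.name, "ALARM: opened while armed"))
        elif status == "lost":
            # Loss of contact is an alarm when armed, a trouble report otherwise.
            kind = "ALARM" if armed else "TROUBLE"
            events.append((s.name, f"{kind}: contact lost"))
    return events

def check_in(sensor, now, state):
    """Apply a received report at once, so a sensor that regains contact is current."""
    sensor.last_seen = now
    sensor.last_state = state

def demo():
    # Constructed timeline: the sensor reports "closed" at t=0, then goes silent.
    door = Sensor("front-door", last_seen=0.0, last_state="closed")
    silent_open = evaluate([door], 120.0, True, fail_open_status)
    silent_closed = evaluate([door], 120.0, True, fail_closed_status)
    check_in(door, now=125.0, state="open")   # contact regained, halves separated
    regained = evaluate([door], 125.0, True, fail_closed_status)
    return silent_open, silent_closed, regained

if __name__ == "__main__":
    print(dict(zip(("fail-open", "fail-closed", "after re-contact"), demo())))
```

With the fail-open policy the silent sensor produces no event at all, while the supervised policy raises an alarm once the window elapses and picks up the "open" state on the first report after contact returns.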

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.