Comcast XFINITY Home Security Flaw Gives Intruders an Opening

Although the smart home security field is garnering increasing consumer interest, one of the major players in the space is facing a cybersecurity issue that could have a chilling effect on the market. A vulnerability in Comcast XFINITY’s Home Security System could open the door—literally—to intruders.The US cable giant’s home security offering is a remote­-enabled home security system, consisting of a battery-­powered base station and one or more battery­-powered sensors, all using the open standard ZigBee wireless communication protocol to communicate with each other. The Rapid7 team has uncovered a flaw that could cause the security system to fail to sense an intruder’s motion, meaning that home owners wouldn’t be alerted when doors or windows are opened.By causing a failure condition in the 2.4 GHz radio frequency band, the security system does not fail closed with an assumption that an attack is underway. Instead, the system fails open, and the security system continues to report that "All sensors are intact and all doors are closed. No motion is detected."