Another IoT home alarm system found to have security flaws

Jan 5, 2016 17:40 GMT

Home security systems sold by Comcast under the Xfinity brand are vulnerable to a series of attacks, to which the alarm system responds in incorrect ways that leave houses exposed to intrusions.

Comcast Xfinity Home Security is one of those new home alarm systems that can be accessed via the Internet and controlled via a mobile app.

The home alarm system is found mainly in the US, and according to security researchers from Rapid7, the system is plagued by a series of bugs.

Alarm system fails to detect attacks, takes up to three hours to recover

Research carried out by Rapid7's Phil Bosco showed that the home alarm system fails to an open state. This means that when a radio frequency jamming attack takes place on the frequency used for communications between the base station and its sensors, the latter continue to report that they're closed.

Normal security procedures say that they should fail to a closed state, alerting to the presence of a possible attack by reporting an open door or window.

In his tests, Mr. Bosco wrapped the sensors in tin foil and simulated a radio frequency jamming attack by placing a magnet on the sensor's case.

After both the magnet and the tin foil were removed, the sensors did not trigger an open door/window warning. Instead, they continued to report that the doors and windows were closed, despite having been removed from the door/window and moved next to the base station.

Additionally, this failure state seems to linger in the home alarm system, which takes from three minutes to three hours to recover from the attack, meaning that any warnings may arrive well after the attackers have already left the house.

The ZigBee communications protocol is also vulnerable

Besides the Comcast Xfinity Home Security software, the ZigBee-based communications protocol used by the alarm system is also at fault. It is vulnerable to a series of attack types that cause interference or deauthentication of the underlying protocol.

"A software/firmware update appears to be required in order for the base station to determine how much and how long a radio failure condition should be tolerated and how quickly sensors can re-establish communications with the base station," said Mr. Bosco.
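The fail-open behaviour described above, next to a supervised alternative that reports radio silence as a fault, shown as an added example that is not Comcast's or Rapid7's code. The `BaseStation` class, the 30-second tolerance window and the frame timeline are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

SUPERVISION_WINDOW_S = 30.0  # assumed tolerance for radio silence (not a value from the article)

@dataclass
class BaseStation:
    fail_closed: bool
    window: float = SUPERVISION_WINDOW_S
    last: dict = field(default_factory=dict)  # sensor -> (state, time last heard)

    def on_frame(self, sensor, state, now):
        """Record a frame that actually arrived over the radio link."""
        self.last[sensor] = (state, now)

    def status(self, sensor, now):
        """State the station reports for an enrolled sensor at time `now`."""
        state, seen = self.last[sensor]
        if self.fail_closed and now - seen > self.window:
            return "fault"  # silence beyond the window is surfaced, not hidden
        return state        # fail-open path: a stale state is shown as current

def replay(station, frames, checks, sensor="front-door"):
    """Feed constructed frames to the station and sample its status at check times."""
    events = sorted([(t, 0, s) for t, s in frames] + [(t, 1, None) for t in checks])
    out = []
    for t, kind, state in events:
        if kind == 0:
            station.on_frame(sensor, state, t)
        else:
            out.append((t, station.status(sensor, t)))
    return out

# Constructed timeline: a frame every 10 s, then no frames from t=20 to t=200
# (the door is opened during the silence), then the link returns.
FRAMES = [(0, "closed"), (10, "closed"), (20, "closed"), (200, "open")]
CHECKS = [15, 45, 120, 205]

def compare():
    """Return (fail-open view, fail-closed view) of the same timeline."""
    return (replay(BaseStation(fail_closed=False), FRAMES, CHECKS),
            replay(BaseStation(fail_closed=True), FRAMES, CHECKS))

if __name__ == "__main__":
    for label, rows in zip(("fail-open", "fail-closed"), compare()):
        print(label, rows)
```

The check at t=45 falls inside the tolerance window, so a short gap does not raise a fault; the check at t=120 is where the two stations diverge.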

Following his discovery and recommendation, Rapid7 contacted Comcast at the start of November, but the company failed to respond.

In the past 40 days, other IoT home alarm systems were also found to have various types of security flaws. This includes the ones sold by Texecom and RSI Videofied.