Comcast's XFINITY home security system has an as-yet unfixable glitch allowing criminals to spoof the alarm system into believing a home is not being breached.
The hack (CWE-636), discovered by Rapid7 researcher Phil Bosco, is accomplished by jamming the 2.4 GHz radio frequency used by the alarm to communicate wirelessly with its base station. By cutting communications, the system is tricked into believing the windows and doors secured by the system are closed, when in fact they can be opened without triggering the alarm.
The lone mitigating factor at this time is that the hack has to be done on-site.
An immediate fix is not available, Rapid7 stated, noting that a software/firmware update to the base station – making it aware that wireless communications are down – could work.
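The fix Rapid7 suggests, making the base station aware that wireless communications are down, amounts to replacing fail-open logic with fail-secure logic. The C model below is an added example, not Comcast's firmware or Rapid7's code; the periodic sensor check-in, the 60-second supervision window and all names are assumptions, since the article does not describe the protocol.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model: names and the timeout are illustrative assumptions. */
typedef enum { ZONE_CLOSED, ZONE_OPEN, ZONE_COMMS_LOST } zone_status;

typedef struct {
    bool     last_reported_open; /* last state the sensor reported */
    uint32_t last_heard_s;       /* time the last message arrived, in seconds */
} sensor;

#define SUPERVISION_TIMEOUT_S 60u /* assumed check-in window */

/* Record a message that actually reached the base station. */
void sensor_report(sensor *s, bool is_open, uint32_t now_s) {
    s->last_reported_open = is_open;
    s->last_heard_s = now_s;
}

/* Fail-open (the behaviour the article describes): silence is read as
 * "nothing changed", so a jammed sensor stays CLOSED indefinitely. */
zone_status status_fail_open(const sensor *s, uint32_t now_s) {
    (void)now_s; /* elapsed time is never consulted */
    return s->last_reported_open ? ZONE_OPEN : ZONE_CLOSED;
}

/* Fail-secure: a sensor silent for longer than the supervision window
 * is no longer trusted and is reported as a communications fault. */
zone_status status_fail_secure(const sensor *s, uint32_t now_s) {
    if (now_s - s->last_heard_s > SUPERVISION_TIMEOUT_S)
        return ZONE_COMMS_LOST;
    return s->last_reported_open ? ZONE_OPEN : ZONE_CLOSED;
}

/* Assumed policy: an armed panel reacts to anything but a confirmed CLOSED. */
bool should_alarm(bool armed, zone_status st) {
    return armed && st != ZONE_CLOSED;
}

int main(void) {
    sensor door = {0};
    sensor_report(&door, false, 0); /* door reports closed, then the link goes silent */
    uint32_t later = 600;           /* ten minutes with no messages */
    printf("fail-open alarm:   %d\n", should_alarm(true, status_fail_open(&door, later)));
    printf("fail-secure alarm: %d\n", should_alarm(true, status_fail_secure(&door, later)));
    return 0;
}
```

A deployed system might raise a trouble notification rather than a full alarm on lost communications, since interference can also be accidental.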
Comcast spokesman Charlie Douglas told SCMagazine in a Wednesday email that this is an industry-wide problem and that the cable provider uses the same advanced, industry-standard technology as other home security providers.
"We are reviewing this research and will proactively work with other industry partners and major providers to identify possible solutions that could benefit our customers and the industry," Douglas said.