Comcast's Xfinity home security product easy to beat with simple jamming device, firm says
A security firm has kicked the tires on Comcast's (NASDAQ: CMCSA) Xfinity Home automation and security products, saying they can be severely disrupted with a simple radio jamming device.
The firm, Rapid7, said Xfinity Home has a long-standing vulnerability that allows an inexpensive radio-frequency jamming device to disable the security system.
A Comcast rep responded with this statement: "Our home security system uses the same advanced, industry-standard technology as the nation's top home security providers. The issue being raised is technology used by all home security systems that use wireless connectivity for door, window and other sensors to communicate. We are reviewing this research and will proactively work with other industry partners and major providers to identify possible solutions that could benefit our customers and the industry."
Notably, in controlling door and window sensors, motion detectors and cameras, Xfinity Home uses the same communications standards as competing home-automation systems, so Rapid7's conclusions could apply to more than just Comcast products.
Xfinity Home uses a wireless communications standard called ZigBee, which runs on the same 2.4 GHz frequency band as Wi-Fi but saves power because it transmits less data. According to the Rapid7 report, once sensors lose communication with the control hub, it can take up to three hours to re-establish a connection. However, even though the home automation system has lost contact with the sensor, it reports a secure condition for the residence.
"The news isn't that these things can be jammed," says Tod Beardsley, Rapid7's principal security manager, in the company's report. "The news is, they can be jammed, and there's no way to tell they've been jammed."
Comcast to offer professional installation of third-party devices for Xfinity Home customers
Comcast leads cable's push for cut of $13B home security and automation market
Comcast's Xfinity home automation service draws in triple play customers