- The Washington Times - Tuesday, January 5, 2016

Burglars can bypass home security systems sold by telecom titan Comcast by easily and affordably jamming the radio signals used to send messages between motion sensors, researchers revealed publicly this week.

Through interfering with the radio band used by Comcast’s Xfinity Home Security system, Boston-based IT vendor Rapid7 said in a disclosure notice published on Tuesday that its researchers had compromised the anti-intrusion service used by roughly a half-million customers from coast-to-coast.

Security sensors placed on the windows and doors at the homes of Xfinity customers normally communicate with a central base station using signals sent over the 2.4 GHz radio frequency band. By simulating an attack using only foil and a magnet, however, Rapid8 researcher Phil Bosco said he was able to knock that system offline for hours without raising any red flags.

“To demonstrate the issue, the researcher placed a paired window/door sensor in tin foil shielding while the system is in an ARMED state. While armed, the researcher removed the magnet from the sensor, simulating a radio jamming attack and opening the monitored door or window,” Rapid7 revealed. “Once the magnet is removed from the sensor, the sensor was unwrapped and placed within a few inches from the base station hub that controls the alarm system. The system continued to report that it is in ARMED state”

Once the radio band is jammed, the system’s central hub may take upwards of three hours to come back online and communicate with motion sensors. All the while, Rapid7 reported, “the security system continues to report that ’All sensors are in-tact and all doors are closed. No motion is detected.’”

“Someone jams the radio, opens doors or windows, commits a crime, closes the doors and windows and stops jamming the radio, and there’s no record of the jamming even happening,” Rapid7 principal security research manager Tod Beardsley explained to WIRED. “You would expect the base station to notice something was amiss.”


SEE ALSO: Marco Rubio calls for targeting terrorists online


“There’s no indicator to the user that something bad happened or something unusual — that it was being jammed for 20 minutes or whatever,” he added. “The sensor says ’everything is cool, everything is cool,’ and then it stops talking, and the base station says ’I guess everything is [still] cool’.”

Rapid7 said it went public with the vulnerability on Tuesday following two months of unsuccessful attempts at raising the issue with Comcast. As of August, the telecom boasted of having more than 500,000 customers subscribed to its Xfinity Home suite of interconnected apps and systems.

“Our home security system uses the same advanced, industry-standard technology as the nation’s top home security providers. The issue being raised is technology used by all home security systems that use wireless connectivity for door, window and other sensors to communicate,” Comcast said in a statement emailed to Threatpost after Rapid7 disclosed the vulnerability this week. “We are reviewing this research and will proactively work with other industry partners and major providers to identify possible solutions that could benefit our customers and the industry.”

• Andrew Blake can be reached at ablake@washingtontimes.com.

Copyright © 2024 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

Click to Read More and View Comments

Click to Hide