Security researchers Karan Saini and Ryan Stevenson discovered that "a bug in Comcast's website used to activate Xfinity routers can return sensitive information on the company's customers." That information consisted of the customer's Wi-Fi network name and password, returned in plaintext, as well as the customer's home address. Saini first reported the finding to ZDNet.
ZDNet "obtained permission from two Xfinity customers to check their information" and was able to retrieve each customer's full address and zip code. It was also found that even after a customer renames the Wi-Fi network or changes the password, "running the details again will return the new Wi-Fi password," so there appeared to be no way for customers using Xfinity hardware to opt out.
“The researchers tried testing the vulnerability with their contacts’ consent and found entering the details of customers who used their own routers did not return the Wi-Fi name and password, but revealed full addresses and zip codes. Subscribers who used the routers included in the service bundles yielded all the data, even if they activated the router before the query and subsequently changed the credentials. With customers using Xfinity hardware, it is also possible to rename the network and change the password on the website, temporarily locking legitimate users out. An attacker within range of the unencrypted traffic would be able to read the information exchange from other users or perform man-in-the-middle attacks.”
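The failure described above is a familiar one: a web endpoint treats knowledge of a few low-entropy, widely known customer details as proof of identity, then hands back secrets (and accepts changes) on that basis. The following Python is an added illustration, not Comcast's code and not the actual Xfinity activation endpoint; the record layout, the lookup inputs (an account identifier plus an address fragment) and the sample customers are all assumptions constructed for this example. It places the vulnerable lookup pattern beside a hardened one in which Wi-Fi settings can only be read or changed through a session bound to an authenticated account, with a simple lockout on repeated failed logins.

```python
"""Added example (hypothetical, not Comcast's code): an activation-style
lookup that leaks Wi-Fi credentials, beside a hardened replacement.
The account records and inputs below are constructed for this example."""
from dataclasses import dataclass
from typing import Optional
import hashlib
import hmac
import secrets


@dataclass
class Account:
    account_id: str
    address: str
    ssid: str
    wifi_password: str
    portal_salt: bytes       # salt for the customer's portal (login) password
    portal_pw_hash: bytes    # PBKDF2 hash of the portal password


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def _make_account(account_id, address, ssid, wifi_password, portal_password):
    salt = secrets.token_bytes(16)
    return Account(account_id, address, ssid, wifi_password,
                   salt, _hash(portal_password, salt))


# Constructed sample records; no real customers.
ACCOUNTS = {
    "8130001": _make_account("8130001", "12 Example Street, Springfield",
                             "HOME-1A2B", "correct horse", "portal-secret-1"),
    "8130002": _make_account("8130002", "9 Sample Road, Shelbyville",
                             "MYWIFI", "hunter2hunter2", "portal-secret-2"),
}


# ---- Vulnerable pattern (assumed shape of the flaw) ----
def lookup_vulnerable(account_id: str, address_fragment: str) -> Optional[dict]:
    """Two guessable values are treated as proof of identity, and the Wi-Fi
    password comes back in the clear. Re-running the same query after the
    customer changes the password simply returns the new password."""
    acct = ACCOUNTS.get(account_id)
    if acct and address_fragment.lower() in acct.address.lower():
        return {"address": acct.address, "ssid": acct.ssid,
                "wifi_password": acct.wifi_password}
    return None


# ---- Hardened pattern ----
SESSIONS: dict = {}   # session token -> account_id
FAILED: dict = {}     # account_id -> consecutive failed logins
MAX_FAILED = 5


def login(account_id: str, portal_password: str) -> Optional[str]:
    """Issues a random session token only after a real credential check;
    locks the account after MAX_FAILED consecutive failures."""
    acct = ACCOUNTS.get(account_id)
    if acct is None or FAILED.get(account_id, 0) >= MAX_FAILED:
        return None
    if not hmac.compare_digest(_hash(portal_password, acct.portal_salt),
                               acct.portal_pw_hash):
        FAILED[account_id] = FAILED.get(account_id, 0) + 1
        return None
    FAILED.pop(account_id, None)
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = account_id
    return token


def wifi_settings(token: str) -> Optional[dict]:
    """Settings are read for the account bound to the session, never by
    supplying someone else's identifying details."""
    account_id = SESSIONS.get(token)
    if account_id is None:
        return None
    acct = ACCOUNTS[account_id]
    return {"ssid": acct.ssid, "wifi_password": acct.wifi_password}


def set_wifi(token: str, ssid: str, wifi_password: str) -> bool:
    """Changing the network name or password also requires the session,
    so a third party cannot lock the legitimate user out."""
    account_id = SESSIONS.get(token)
    if account_id is None:
        return False
    acct = ACCOUNTS[account_id]
    acct.ssid, acct.wifi_password = ssid, wifi_password
    return True
```

The point of the hardened half is not the hashing details but the binding: every read and every write of Wi-Fi settings is keyed on a session that only an authenticated account holder can obtain, so there is nothing for an outsider to "run the details" against. Comcast's immediate remedy, per the article, was to remove the lookup from the site altogether, which is the right first step when a feature cannot be tied to a proper authentication check quickly.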
Comcast has now removed the option from its website. A Comcast spokesperson said, "There's nothing more important than our customers' security. Within hours of learning about this issue, we shut it down and are conducting a thorough investigation and will take all necessary steps to ensure that this doesn't happen again."