Xfinity Internet Activation Platform Caught Leaking Users’ Router Data
Recently, a major bug in Xfinity’s home internet activation platform was exposed by the acclaimed security analysts Karan Saini and Ryan Stevenson. They discovered that the site could easily be tricked into revealing users’ router names and passwords. The site was originally intended to let new subscribers set up the company’s internet hardware from home.
Service Glitch Allowed Unauthorized Router SSID and Password Retrieval
Hackers could retrieve this sensitive information by simply entering subscribers’ customer IDs and home/apartment numbers. These particulars, of course, are not hard to come by. Just peering into an old, discarded bill could suffice.
Upon receiving these credentials, Xfinity’s platform could be made to reveal this data in plaintext.
However, routers obtained from other device manufacturers were found to be unaffected by this security lapse.
Armed with this information, hackers could access all Wi-Fi networks broadcast through the susceptible Xfinity routers. Once inside, they could change network names and passwords, monitor any unencrypted user data flowing through them, and even lock service subscribers out.
When made aware of this significant service failing, Comcast responded by immediately shutting down its home service platform.
A company spokesman said, “There’s nothing more important than our customers’ security. Within hours of learning of this issue, we shut it down. We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn’t happen again.”
Comcast is currently engaged in revamping the design interface of the site, which is expected to go live again in a few hours’ time.