Xfinity Internet Activation Platform CAUGHT Leaking Users’ Router Names & Passwords
Recently, a major bug in Xfinity’s home internet activation platform was exposed! This was the work of the acclaimed security analysts Karan Saini and Ryan Stevenson. They discovered that the site could easily be tricked into revealing users’ router names and passwords. Originally, the site was intended for allowing new subscribers to set up the company’s internet hardware from home.
Service Glitch allowed for Unauthorized Router SSID and Password Retrieval
Hackers could retrieve this sensitive information by simply entering in subscribers customer IDs and home/apartment numbers. These particulars, of course, are not hard to come by. Just peering into an old, discarded bill could suffice.
Upon receiving these credentials, Xfinity’s platform could be made to reveal this data in plaintext.
However, routers attained from other device manufacturers were found to be unaffected by this security lapse.
Armed with this information, hackers could access all Wi-Fi networks broadcasted through the susceptible Xfinity routers. Once inside, they could change network names & passwords, monitor any unencrypted user-data flowing through them, and even lock service subscribers out.
When made aware of this significant service failing, Comcast responded by immediately shutting down its home service platform.
A company spokesman said, “There’s nothing more important than our customers’ security. Within hours of learning of this issue, we shut it down. We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn’t happen again.”
Comcast is currently engaged in revamping the design interface of the site, which is expected to go live again in a few hours’ time.
Disclaimer: Although all requisite efforts have been made to procure owner/publisher approval for the images used in VisiOneClick.com Blog posts, we apologize (in advance) for any unintended and/or uninformed copyright violations still incurred therein. If you feel that your material has been used without your tacit consent, please feel free to correspond with us through Contact Us page.