Comcast might be best known for its cable service, but they also sell home security systems. Many businesses use Xfinity, or a comparably engineered security system. That’s why recent developments are so troubling. Security vendor Rapid7 recently tried to contact Comcast about a potential flaw in the security systems they sell. This flaw allows the system’s sensors to be disabled via simple, low-cost radio equipment that essentially jams the base unit, preventing it from detecting an entry, authorized or not.
Comcast’s response to this revelation has been somewhat lacking. They have informed various media outlets that they are reviewing the research, and will plan an appropriate response, but have offered no timetable for either. In the meanwhile, Rapid7 has said that they’ll give Comcast 60 days to respond to the research before releasing the details to the public.
This is fairly standard practice. Most research groups, including Google’s own research teams, use the same methodology and time frame when they unearth security flaws as a means of prompting swift action where fixes are concerned.
At this time, no fix or workaround exists to prevent this jamming from occurring. Even worse is the fact that part of Comcast’s official statement was to state that their own security system is designed along the same current best practices that all of the other major security system providers are currently using. Although Rapid7 did not run tests on the security systems manufactured by other companies, based on Comcast’s own statements, it seems clear that all of the major security systems on the market today are vulnerable to this hack.
2016 has only just begun, and it is clear that the business environment is more dangerous than ever. Not only do business owners have to contend with hackers attempting to access their data, and/or breaking into the growing legion of internet objects populating the web, but now, it seems that even physical security measures can be hacked. Get ready, it’s going to be a rough and tumble year.