Major Security Flaws in Commodity-Grade and DIY Home Automation


People often ask why they should use Symbio Lighting + Control for their home automation when companies like Comcast/Xfinity and AT&T offer basic automation already. Well, if you are concerned about security and keeping your personal details out of the hands of hackers, you may want to reconsider this kind of commodity-grade and do-it-yourself home automation.

According to a report by Rapid7, would-be hackers could easily target the ZigBee-based wireless platform that Comcast uses in the 2.4-gigahertz band. Rapid7 claims this platform can be jammed to block communications between the Xfinity Home hub and other components of the home automation and security system, such as door sensors.

Xfinity Home “does not fail closed with an assumption that an attack is underway,” Rapid7 said. “Instead, the system fails open,” meaning that the system would believe that all sensors are intact, all doors are closed and no motion is detected. That improper state can last anywhere from several minutes to three hours, it said.

There are a number of techniques available to cause interference or deauthenticate the underlying ZigBee-based communications protocol, Rapid7 said, including commonplace radio-jamming equipment.

“By creating a failure condition in the 2.4-GHz radio frequency band, the Comcast Xfinity Home Security System fails open, with the base station failing to recognize or alert on a communications failure with the component sensors,” the researchers said. “In addition, sensors take an inordinate amount of time to re-establish communications with the base station, even if their ‘closed’ state is switched to ‘open’ during the failure event.”

http://www.multichannel.com/security-firm-pokes-holes-xfinity-home/396409
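
To make the fail-open versus fail-closed distinction above concrete, here is an added example (not code from Rapid7, Comcast, or Symbio) of a hub-side supervision check that treats a silent sensor as a communications failure instead of trusting its last reported state. The class names, the 60-second supervision window, and the sensor timeline are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

SUPERVISION_WINDOW_S = 60  # assumed: longest silence tolerated before a sensor counts as lost


@dataclass
class Sensor:
    last_state: str   # "closed" or "open", as last reported by the sensor
    last_seen: float  # time of the last check-in, in seconds


class BaseStation:
    """Hypothetical hub that tracks sensor check-ins and raises alerts."""

    def __init__(self, window: float = SUPERVISION_WINDOW_S):
        self.window = window
        self.sensors: dict[str, Sensor] = {}

    def report(self, name: str, state: str, now: float) -> None:
        """Record a heartbeat or state change received from a sensor."""
        self.sensors[name] = Sensor(state, now)

    def status(self, name: str, now: float, fail_closed: bool = True) -> str:
        sensor = self.sensors[name]
        silent = (now - sensor.last_seen) > self.window
        if silent and fail_closed:
            # Fail closed: no recent check-in means the state is unknown.
            return "comm_failure"
        # Fail open: the stale last-known state is reported as current.
        return sensor.last_state

    def alerts(self, now: float, fail_closed: bool = True) -> list[tuple[str, str]]:
        """Return (sensor, status) for every sensor that is not verifiably closed."""
        result = []
        for name in sorted(self.sensors):
            state = self.status(name, now, fail_closed)
            if state != "closed":
                result.append((name, state))
        return result


def demo():
    # Constructed timeline: both doors report closed at t=0, then only
    # back_door keeps checking in while front_door goes silent.
    hub = BaseStation()
    hub.report("front_door", "closed", now=0)
    hub.report("back_door", "closed", now=0)
    hub.report("back_door", "closed", now=100)
    return hub.alerts(now=120, fail_closed=False), hub.alerts(now=120, fail_closed=True)
```

With the fail-open policy the silent front door still reads as closed and nothing is raised; with the fail-closed policy the same silence produces a communications-failure alert once the supervision window has elapsed.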