Xfinity's Security System Flaws Open Homes To Thieves

Well this is pretty scary. Do any of you guys use Comcast’s Xfinity Home Security system? If you do, make sure you read this.

All a thief has to do is use radio jamming equipment to block the signals that pass from a door, window, or motion sensor to the home’s baseband hub, according to Tod Beardsley, security research manager for Rapid7. The system fails to recognize when communication is halted and also “fails positive” instead of alerting the homeowner to a negative condition—that is, it will continue reporting that all sensors are intact and that windows and doors are secured even if they’re not, instead of warning homeowners to check the window or door.

And how much do customers pay for this "feature"?

I like how they claim "all security systems" have this flaw. I went DIY with a Honeywell unit, and it alerts if it loses contact with a sensor, or if it's tampered with, or if the system is being jammed. Comcrap corporate BS at it's finest.

Yet another reason why I prefer a wired system just like with networking.

So easy! All you have to do is:

1. Know the house uses xfinity security.

2. Have high-powered, presumably expensive broad-spectrum radio jamming equipment.

3. Know where their sensors are so you can place the jammer properly.

etc., etc.

Security panic-mongers always assume the worst-case scenario for the target and the best-case scenario for the threat. In real life, most burglars are low-tech opportunists who rely more on speed and anonymity than James Bond tactics.

The one time I've been burgled, the guy smashed the window in my front door to unlock it, ran into the master bedroom which was right around the corner, pulled a pillow-case off a pillow, opened the top-center drawer of the dresser (the one lined in green velvet with little compartments that screams "Put your jewelry right here!", and everybody does just that) and emptied it into the pillow-case. Then he went to the armoire beside the bed and did the same with the green-velvet-lined drawer there. Then he emptied the two or three jewelry boxes that sat in the armoire or on top of the dresser. In and out in 10 minutes or less, with every piece of my wife's jewelry that was worth more than $5 and that she wasn't wearing that night.

When we got home two hours later, saw the shattered glass in the front entryway, and called the police, they were there in about 15-20 minutes. Not bad response time, really, but if we had had an alarm system, what difference would it have made? And this wasn't an alarm signal, this was us calling 911 and saying our house was robbed and the bad guys might still be in the house--we waited in the driveway just in case.

Thats what happens when you put thieves in charge of your home security system.

I've written central station software and video surveillance software... there are things alarm systems are good and bad at. I've seen video of similar smash and grabs from jewelry stores and other locations. If the guy wears a mask/hoody/whatever and then breaks a window or lock - they can be in and out so fast there's no chance you can stop or catch em. And video footage isn't great in the dark and if they have a mask it's that much worse. Unless the police or somebody already knows who they are looking for your chances are slim.

Still, it's nice to know how they did it, where they were, what they did etc. My wife in particular has had a lot of comfort from watching the video of the last robbery on our street. If you're away from home/work it's nice to know you were broken into so you can deal with it right away.

Video surveillance works really well for schools, businesses, etc where you know everybody on camera and are looking for employee theft, fights, whatever.

As for the wireless sensor jamming, it's probably not that hard or expensive to be honest. Most equipment operates on one of two bands and they don't setup the gear to alert when it goes offline because it's wireless and they're worried about lots of false alarms due to the unstable nature of wireless sometimes. Customers/police/etc get upset by false alarms and customers cancel their services. Also, many pieces of equipment that operate wirelessly only broadcast when their status changes (saves battery life), which means a jammer just makes it look like nothing has happened. I'm not sure how this particular system works but it may very well be exactly that.