Comcast Exposes Customer WiFi SSIDs and Passwords For Customers Paying To Rent A Comcast Router
from the pay-to-be-hacked dept
Look, when it comes to Comcast, it’s obviously quite easy to slap the company around for any number of its anti-consumer practices. Just sampling from the most recent news, Comcast was sued over its opt-out mobile hotspot from your home router plan, the company has decided to combat cord-cutting by hiking prices and fees on equipment for customers who cord-cut cable television, and it also has put in place a similar plan to charge all kinds of bullshit fees on equipment installations for customers who aren’t bundling in other services with its ISP offering. You should be noticing a trend in there that has to do with how Comcast handles so-called “equipment rental” fees for its broadband customers and how it handles customers that choose to bring their own device to their home networks instead. Comcast has always hated customers that use their own WiFi routers, as the fees for renting a wireless access point represent a huge part of Comcast’s revenue.
Which is why you would think that the company would at least not expose the home networks of customers who use that equipment. Sadly, it seems that Comcast’s website exposed, in plain text, the network SSIDs and passwords of customers who were renting router equipment, while those who used their own routers were completely safe.
A security hole in a Comcast service-activation website allowed anyone to obtain a customer’s Wi-Fi network name and password by entering the customer’s account number and a partial street address, ZDNet reported yesterday.
The problem would have let attackers “rename Wi-Fi network names and passwords, temporarily locking users out” of their home networks, ZDNet wrote. Obviously, an attacker could also use a Wi-Fi network name and password to log into an unsuspecting Comcast customer’s home network.
It should be noted that Comcast almost immediately addressed the security flaw in its website after ZDNet’s report. Still, we’re not in the business of giving high marks to a company that fixes a laughable security hole on its website. Comcast reps also claimed that “There’s nothing more important than our customers’ security.” But, if that were true, Comcast’s position would be to advocate that its customers use their own routers rather than renting Comcast routers, as those who did so were completely protected from this security risk.
Just to be clear, we’re talking about really sensitive information exposed by this website flaw. WiFi network names and passwords are one thing, but malicious actors were also presented with the routers’ physical home addresses, despite the attacker not needing a customer’s full home address in order to access that information. And all of this was presented in plain text.
Any company making these kinds of dangerous mistakes would be bad, but it’s worth putting all of this in the context of Comcast both operating in a competition-deprived, unregulated ISP market and trying to get even bigger through major acquisitions to gobble up even more market share. That kind of attempt at ISP monoculture makes any security flaw exponentially worse and Comcast has not demonstrated its ability to live up to the security task.
Meanwhile, why anyone would rent a Comcast WiFi router is completely beyond me.
Comments on “Comcast Exposes Customer WiFi SSIDs and Passwords For Customers Paying To Rent A Comcast Router”
I LIKE IT!!!
Who can you bitch at if your computer gets hacked??
You are a corp and your Computer access and network crashes, BECAUSE the router failed??
This really SHOWS how well their programmers work..
“Look, when it comes to Comcast, it’s obviously quite easy to slap the company around for any number of its anti-consumer practices.”
he he he… regulations? Those things you keep saying are gonna save you? Good luck, even if they do get fined they will not get fined enough to deter, they will likely get fined just enough for it to still be profitable to screw customers. Meanwhile government gets to collect a nifty payday off the backs of the voters AND gets to claim they did something about it.
Sounds like a Win-Win for politicians and a lose-lose for consumers.
Re: Regs
So if the customers are getting poor service now with minimal regs in place protecting them, obviously No regs will make things better because?
Re: Re: Regs
Because the altered reality in which that poster lives says so.
Re: Re: Re: Regs
I know right… says the person watching as those regulations are NOT helping.
If anyone is living in an altered reality it would be you.
Re: Re: Re:2 Regs
.. says the poster that no one else agrees with.
Re: Re: Re:3 Regs
Well if that is your go to justification then I got some sad news for you.
Do you know how many other people were against the masses only to be proven right later?
Now, time to back up where I am wrong. What am I wrong about? Right now we are looking at the FCC helping businesses instead of the consumers they are supposed to be protecting. So has the FTC, and so has many other agencies as well.
In fact, with all of the revolving doors between businesses and regulatory agencies combined with all of the donations politicians get from them for their campaigns I just don’t know how else to so it…
You guys got suckered… and big time too. In fact this is just like the “Emperor’s new clothes” all over again. The emperor is buck fucking naked, but you won’t dare say it because everyone has already been told, only intelligent people can see them and you dare not reveal yourself to be stupid.
Don’t worry, not only are you being shown for a fool, the emperor is as well. Good luck with all of that, you are clearly going to go far while the business giants continue to rape you as the FCC looks on.
Re: Re: Regs
I didn’t say No regs did I? I said “Those things you keep saying are gonna save you?”
What is even better is that “those regulations” are what is keeping these people from having the ability to move away from the garbage that is comcast.
NN is a farce designed to keep you distracted from the bigger picture.
If you want NN, FINE but only AFTER we get rid of the regulations cementing the monopolies these ISP’s are enjoying. Until then, you are only fighting the symptom and NOT the problem.
Re: Re: Re: Regs
Which specific regulations support the comcast monopoly and can be removed that will open up the market?
I have a single choice for broadband. Fios has cable running down my street but made the economic decision not to offer me service. There isn’t any law saying they can’t. Spectrum and Fios divvied up the city so most areas only have one or the other.
Re: Re: Re:2 Regs
They are ON RECORD officially regulating them as monopolies. You are either ignorant or too stupid to take part in this discussion.
But here you go! A snippet from Wikipedia just to start with.
“https://en.wikipedia.org/wiki/Federal_Communications_Commission”
“For many years, the FCC and state officials agreed to regulate the telephone system as a natural monopoly.[39]”
And you can look up all the lawsuits, deals, and subsidies that have happened for the various ISP’s. I know this will go over your little noggin, but they have very little reason to compete with each other because if they do, then they might start seriously competing back and the only thing they lose is money! The regulatory landscape is PRO INCUMBENT and ANTI NEW BLOOD! It’s not some fucking secret either!
Re: Re: Re:3 Regs
The phrase “regulate X as a natural monopoly” does not mean “grant a monopoly on X”, but rather “recognize that X is naturally a monopoly, and therefore needs to be regulated so that the monopoly is not abused”.
So, again… which regulations, specifically, are supporting the Comcast monopoly and can be removed in order to open up the market?
Please cite specific regulations from the relevant publications, including links if possible.
Re: Re: Re: Regs
You keep attacking regulations that are not exactly the ones you want while ignoring the real problem, the way that regulatory agencies in the US are set up.
Over here in the UK, regulatory agencies generally do their job of protecting the public, but then their heads are not short term appointments, and so there is no revolving door that leads to regulatory capture.
Re: Re: Re:2 Regs
“You keep attacking regulations that are not exactly the ones you want while ignoring the real problem, the way that regulatory agencies in the US are set up.”
I will agree with you there. But that cannot change until people start holding Congress responsible for not changing how they are setup. Right now people only want to blame the FCC and hold their own politicians blameless during the next election. Sorry but NN just is not an agenda item during elections for most people, they consider other issues far more important.
“Over here in the UK, regulatory agencies generally do their job of protecting the public, but then their heads are not short term appointments, and so there is no revolving door that leads to regulatory capture.”
I cannot speak to how the UK does things because I don’t care how they do it. I only care how we are doing it. Sure your way might be better but we are not going to get your way either because our politicians get to ignore this problem because my fellow citizens are fucking clueless as can absolutely be.
Re: Re: Regs
Because all Regulations are BAD!
PS I never said All regulations are BAD quit “lying”!
Every Nation eats the Paint chips it Deserves!
Re: Re: Re: Regs
Hey chip! Welcome back you silly fucking idiot!
I actually DO say “all regulations are bad”… you can’t even lie correctly.
Here is my position.
all regulations are bad, but I do not agree with total deregulation because while regulations are bad, there are worse things to deal with than regulations.
So, I fully support those “bad regulations” to help ensure that anti-trust and anti-monopoly tools are available to fight off the negative effects of plain old natural “human greed” in Capitalism. You see, when a business obtains a monopoly or builds a trust that creates a conflict of interest it does not serve “the people” so they need a way to fight them other than “free-market”. Free market mind you is still essential, but it is clear that people are far too lazy and ignorant to fight corruption, especially when that corruption services them. So there needs to be a 3rd party given power to help get rid of it.
It’s not perfect, but nothing is perfect anyways.
I know this is all too much for you to swallow after you have filled up on paint chips but please try anyways!
Re: Re: Re:2 Regs
So your “solution” is less regulation and more government? What could possibly go wrong?
Re: Re: Re:3 Regs
let’s talk specifics.
the words “less regulation” means exactly shit and simultaneously reveals that you not only do not know what you are talking about but also think that only adding regulations is the solution.
I propose removing the regulations that allow the businesses to own private property on public lands. This means the wires become public property just like roads. The government can then invite private businesses to bid on how much they would charge to build out infrastructure. The businesses using those wires share the cost of that according to their customers usages.
Keep the anti-trust and anti-monopoly regulations, in fact make them STRONGER!
Now, I am sure that this would result in a net reduction of regulations because I would also want to get rid of all the rules allowing local governments to make exclusive deals with businesses either.
And I would definitely want to send the FTC a huge fucking wake-up call by mass firing the regulators and telling them that their budgets are 80% reliant on the fines they assess from the Telco’s. When money is a motivator they will jump on them like city cops on traffic violators. ISP will eventually lose enough money to stop playing the game.
Re: Re: Re:4 Regs
Richard Bennett is not going to let you suck Pai off instead, you know. Monopoly and all that.
Re: Re: Re:4 Regs
Oh, hey, here’s an actual specific regulatory proposal!
Followed by a vague generality about antitrust and anti-monopoly regulation (that’s a fairly broad field, but it’s still not clear which regulations you do and don’t consider to qualify), and a proposal for “fire them all, then give their replacements a strong incentive to over-regulate”, which seems so self-evidently stupid I don’t even know where to start talking about it.
But hey, one specific regulatory proposal is at least a starting point for a discussion!
Re: Re: Re:2 Regs
You also say “I never insult people.” And I know what words mean.” And I know well over two quotes!”
Re: Re:
Oh, well, if it would be like 10% of yearly revenue, it might make a dent.
I just don’t understand this. Wireless routers are dirt-cheap, you can buy one from just about anywhere, install it yourself, set it up exactly the way you like, and NO ONE ELSE will know the password or any other details.
Even if you RENT a router from your cable provider, there should not be any difference. It’s hard to imagine that personal information that should remain locally in the router is somehow (and for no good reason) getting transmitted to their corporate office. (But then the MAC address of every computer ever plugged into the modem is transmitted to the ISP, which they log and save forever, an appalling violation of privacy)
Re: Re:
I don’t know what Comcast is charging… but my local thrift store always has a few (used) routers for sale, for less than what local ISPs charge per month. Sometimes old, sometimes with recent Wifi standards like ‘ac’.
The equipment rental doesn’t cover protecting customer data…
You need the $2.99/month add-on to do that.
Re: Re:
Making your WiFi password public is a free service of Comcast. Free with your equipment rental.
When a guest asks “What’s your WiFi password?” you can simply tell them you’re on Comcast they can easily look up your WiFi password.
When the neighbor’s kid wants to download copyright content, he can easily and conveniently use your WiFi password! That’s convenience!
It’s the kind of service you’ve come to expect from the Comcast name.
If they hired programmers with knowledge and experience rather than the inexperienced H1Bs maybe there could be a better outcome – but idk – this comcast.
Re: Re:
But of course they do, as someone’s got to train the H1Bs, even if it’s for the sole purpose of taking their job away from them when they get laid off.
Re: Re: Re:
I have read about that, how rude.
I doubt the training is thorough.
Also unsurprising, bad Alexa: https://arstechnica.com/gadgets/2018/05/amazon-confirms-that-echo-device-secretly-shared-users-private-audio/
Re: Re:
Amazon needs to step up and make Alexa’s security and privacy
[x] rise
[_] fall
to the level we’ve come to expect from IoT devices!
Re: Re: Re:
I have in my garage a tool that can fix alexa so that it will not spy upon anyone ever again. It is a five pound sledge hammer.
Failure? This is a SERVICE!
If you are paying to rent a Comcast router, Comcast provides a service which makes it easy to find your password in case you forget.
Re: Failure? This is a SERVICE!
Ha! FaaS == Failure as a Service. We finally know what niche Comcast is in!
Re: Re: Failure? This is a SERVICE!
FaaS is produced using FoP. (Failure Oriented Programming)
A legal twist
This could be good news to anyone that is being sued by one of the copyright trolls. If they rent from Comcast they have a perfect defense: Comcast gave away my ID and Password. No one could prove that they had not been compromised.
Maybe the troll should go after Comcast.
I'm happy Netflix grew bigger
With news like this cropping up every week, I am very happy to learn that Netflix has passed the market value for Comcast. Long live the streaming video competitors.
“there’s nothing more important to us than our customers security” – Comcast.
Because Comcast is going to be the ONLY one that steals its customers’ credit cards and bank info and sells them to third party scam companies.