back to article Comcast Xfinity evil twin steals subscriptions

A senior security research engineer at LogRhythm Labs has demonstrated how to steal Comcast Xfinity subscriptions by masquerading as a wireless access point. Greg Foss (@Heinzarelli) published code that could be deployed on a Wifi Pineapple to replicate one of Comcast's million customer-run hotspots across the US. Comcast …

COMMENTS

This topic is closed for new posts.
  1. Mage Silver badge
    Black Helicopters

    UPC

    UPC has a feature where UPC customers can "silently" get WiFi Access from other UPC cable customers providing (on by Default) the feature.

    Ripe for fake WiFi spots (even on UPC Cable or DSL) and Man In the Middle attacks to steal all valuable credentials.

    Also slows access as it's same WiFi channel. So can be used for semi DOS simply by running a connection with a deliberately weak (slow data rate) signal.

    EFF is also proposing people run a "parallel" Free Public WiFi on the their WiFi/Router.

    The problem is that WiFi security isn't "fit for purpose" for Public use unless you only use a suitable VPN over it as you can't know

    a) If it's really who it claims to be

    b) If it has MitM software, with which even HTTPS is vulnerable. I think only suitable well configured VPN is safe.

    c) 3rd parties sniffing all the traffic is easier and more likely in a public space than in your living room. Though not impossible there.

    1. Anonymous Coward
      Anonymous Coward

      Re: UPC

      A couple of things, the more SSID's configured, the slower the throughput. A single beacon cannot be used to announce multiple SSID's as the standard doesn't allow it and even if they did, it would not be backwards compatible.

      Using the same channel for multiple SSID's is the norm; consumer and enterprise gear. Some consumer gear uses different MAC for each SSID configured. Most enterprise gear uses a single MAC for all of the configured SSID's. A user can connect at 802.11b speeds to one SSID and it won't impact the others; someone could connect at 802.11n speeds. To go even further, enterprise gear at 802.11n to have different clients connect at different speeds using the same SSID. All of the AP's have a single radio, so the use of multiple channels is not allowed unless you are talking about bonding.

  2. Nate Amsden

    stuff like this

    is why I almost never use public wifi hotspots, I just use the mifi on my phone instead. Even at hotels (another reason is performance is usually universally bad) I usually stick to mifi.

    my most recent trip was about 10 days and according to my phone I used 1.8GB of data(5GB monthly committed rate).

  3. Anonymous Coward
    Anonymous Coward

    My local Pizza Shop has a sign that says "Free Wifi", and lists their own XFinity Username and Password underneath.

This topic is closed for new posts.