Comcast Exposes Customer WiFi SSIDs and Passwords For Customers Paying To Rent A Comcast Router

from the pay-to-be-hacked dept

Look, when it comes to Comcast, it’s obviously quite easy to slap the company around for any number of its anti-consumer practices. Just sampling from the most recent news, Comcast was sued over its opt-out mobile hotspot from your home router plan, the company has decided to combat cord-cutting by hiking prices and fees on equipment for customers who cord-cut cable television, and it also has put in place a similar plan to charge all kinds of bullshit fees on equipment installations for customers who aren’t bundling in other services with its ISP offering. You should be noticing a trend in there that has to do with how Comcast handles so-called “equipment rental” fees for its broadband customers and how it handles customers that choose to bring their own device to their home networks instead. Comcast has always hated customers that use their own WiFi routers, as the fees for renting a wireless access point represent a huge part of Comcast’s revenue.

Which is why you would think that the company would at least not expose the home networks of customers who use that equipment. Sadly, it seems that Comcast’s website made the network SSIDs and passwords available in plain text of customers who were renting router equipment, while those that used their own routers were completely safe.

A security hole in a Comcast service-activation website allowed anyone to obtain a customer’s Wi-Fi network name and password by entering the customer’s account number and a partial street address, ZDNet reported yesterday.

The problem would have let attackers “rename Wi-Fi network names and passwords, temporarily locking users out” of their home networks, ZDNet wrote. Obviously, an attacker could also use a Wi-Fi network name and password to log into an unsuspecting Comcast customer’s home network.

It should be noted that Comcast almost immediately addressed the security flaw in its website after ZDNet’s report. Still, we’re not in the business of giving high marks to a company that fixes a laughable security hole on its website. Comcast reps also claimed that “There’s nothing more important than our customers’ security.” But, if that were true, Comcast’s position would be to advocate its customers use their own routers rather than renting Comcast routers, as those who did so were completely protected from this security risk.

Just to be clear, we’re talking about really sensitive information exposed by this website flaw. WiFi network names and passwords are one thing, but malicious actors were also presented with the routers’ physical home addresses, despite the attacker not needing a customer’s full home address in order to access that information. And all of this was presented in plain text.

Any company making these kinds of dangerous mistakes would be bad, but it’s worth putting all of this in the context of Comcast both operating in a competition-deprived unregulated ISP market and that it is trying to get even bigger through major acquisitions to gobble up even more market-share. That kind of attempt at ISP monoculture makes any security flaw exponentially worse and Comcast has not demonstrated its ability to live up to the security task.

Meanwhile, why anyone would rent a Comcast WiFi router is completely beyond me.

Filed Under: , , ,
Companies: comcast

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Comcast Exposes Customer WiFi SSIDs and Passwords For Customers Paying To Rent A Comcast Router”

Subscribe: RSS Leave a comment
Anonymous Coward says:

“Look, when it comes to Comcast, it’s obviously quite easy to slap the company around for any number of its anti-consumer practices.”

he he he… regulations? Those things you keep saying are gonna save you? Good luck, even if they do get fined they will not get fined enough to deter, they will likely get fined just enough for it to still be profitable to screw customers. Meanwhile government gets to collect a nifty payday off the backs of the voters AND gets to claim they did something about it.

Sounds like a Win-Win for politicians and a lose-lose for consumers.

Anonymous Coward says:

Re: Re: Re:3 Regs

Well if that is your go to justification then I got some sad news for you.

Do you know how many other people were against the masses only to be proven right later?

Now, time to back up where I am wrong. What am I wrong about? Right now we are looking at the FCC helping businesses instead of the consumers they are supposed to be protecting. So has the FTC, and so has many other agencies as well.

In fact, with all of the revolving doors between businesses and regulatory agencies combined with all of the donations politicians get from them for their campaigns I just don’t know how else to so it…

You guys got suckered… and big time too. In fact this is just like the “Emperor’s new clothes” all over again. The emperor is buck fucking naked, but you won’t dare say it because everyone has already been told, only intelligent people can see them and you dare not reveal yourself to be stupid.

Don’t worry, not only are you being shown for a fool, the emperor is as well. Good luck with all of that, you are clearly going to go far while the business giants continue to rape you as the FCC looks on.

Anonymous Coward says:

Re: Re: Regs

I didn’t say No regs did I? I said “Those things you keep saying are gonna save you?”

What is even better is that “those regulations” are what is keeping these people from having the ability to move away from the garbage that is comcast.

NN is a farce designed to keep you distracted from the bigger picture.

If you want NN, FINE but only AFTER we get rid of the regulations cementing the monopolies these ISP’s are enjoying. Until then, you you are only fighting the symptom and NOT the problem.

Gary (profile) says:

Re: Re: Re: Regs

Which specific regulations support the comcast monopoly and can be removed that will open up the market?
I have a single choice for broadband. Fios has cable running down my street but made the economic decision not to offer me service. There isn’t any law saying they can’t. Spectrum and Fios divied up the city so most areas only have one or the other.

Anonymous Coward says:

Re: Re: Re:2 Regs

They are ON RECORD officially regulating them as monopolies. You are either ignorant or too stpuid to take part in this discussion.

But here you go! A snippet from Wikipedia just to start with.


“For many years, the FCC and state officials agreed to regulate the telephone system as a natural monopoly.[39]”

And you can look up all the lawsuits, deals, and subsidies that have happened for the various ISP’s. I know this will go over your little noggin, but they have very little reason to compete with each other because if they do, then they might start seriously competing back and the only thing they lose is money! The regulatory landscape is PRO INCUMBENT and ANTI NEW BLOOD! It’s not some fucking secret either!

The Wanderer (profile) says:

Re: Re: Re:3 Regs

The phrase “regulate X as a natural monopoly” does not mean “grant a monopoly on X”, but rather “recognize that X is naturally a monopoly, and therefore needs to be regulated so that the monopoly is not abused”.

So, again… which regulations, specifically, are supporting the Comcast monopoly and can be removed in order to open up the market?

Please cite specific regulations from the relevant publications, including links if possible.

Anonymous Coward says:

Re: Re: Re: Regs

You keep attacking regulations that are not exactly the ones you want while ignoring the real problem, the way that regulatory agencies in the US are set up.

Over here in the UK, regulatory agencies generally do their job of protecting the public, but then their heads are not short term appointments, and so there is no revolving door that leads to regulatory capture.

Anonymous Coward says:

Re: Re: Re:2 Regs

“You keep attacking regulations that are not exactly the ones you want while ignoring the real problem, the way that regulatory agencies in the US are set up.”

I will agree with you there. But that cannot change until people start holding Congress responsible for not changing how they are setup. Right now people only want to blame the FCC and hold their own politicians blameless during the next election. Sorry but NN just is not an agenda item during elections for most people, they consider other issues far more important.

“Over here in the UK, regulatory agencies generally do their job of protecting the public, but then their heads are not short term appointments, and so there is no revolving door that leads to regulatory capture.”

I cannot speak to how the UK does things because I don’t care how they do it. I only care how we are doing it. Sure you way might be better but we are not going to get your way either because our politicians get to ignore this problem because my fellow citizens are fucking clueless as can absolutely be.

Anonymous Coward says:

Re: Re: Re: Regs

Hey chip! Welcome back you silly fucking idiot!

I actually DO say “all regulations are bad”… you can’t even lie correctly.

Here is my position.

all regulations are bad, but I do not agree with total deregulation because while regulations are bad, there are worse things to deal with than regulations.

So, I fully support those “bad regulations” to help ensure that anti-trust and anti-monopoly tolls are available to fight off the negative effects of plain old natural “human greed” in Capitalism. You see, when a business obtains a monopoly or builds a trust that creates a conflict of interest it does not serve “the people” so they need a way to fight them other than “free-market”. Free market mind you is still essential, but it is clear that people are far to lazy and ignorant to fight corruption, especially when that corruption services them. So there needs to be a 3rd party given power to help get rid of it.

It’s not perfect, but nothing is perfect anyways.

I know this is all too much for you to swallow after you have filled up on paint chips but please try anyways!

Anonymous Coward says:

Re: Re: Re:3 Regs

lets talk specifics.

the words “less regulation” means exactly shit and simultaneously reveals that you not only do not know what you are talking about but also think that only adding regulations is the solution.

I propose removing the regulations that allow the businesses to own private property on public lands. This means the wires become public property just like roads. The government can then invite private businesses to bid on how much they would charge to build out infrastructure. The businesses using those wires share the cost of that according to their customers usages.

Keep the anti-trust and anti-monopoly regulations, in fact make the STRONGER!

Now, I am sure that this would results in a net reduction of regulations because I would also want to get rid of all the rules allowing local governments to make exclusive deals with businesses either.

And I would definitely want to send the FTC a huge fucking wake-up call by mass firing the regulators and telling them that their budgets are 80% reliant on the fines the access from the Telco’s. When money if a motivator they will jump on them like city cops on traffic violators. ISP will eventually lose enough money to stop playing the game.

The Wanderer (profile) says:

Re: Re: Re:4 Regs

Oh, hey, here’s an actual specific regulatory proposal!

Followed by a vague generality about antitrust and anti-monopoly regulation (that’s a fairly broad field, but it’s still not clear which regulations you do and don’t consider to qualify), and a proposal for “fire them all, then give their replacements a strong incentive to over-regulate”, which seems so self-evidently stupid I don’t even know where to start talking about it.

But hey, one specific regulatory proposal is at least a starting point for a discussion!

Anonymous Coward says:

I just don’t understand this. Wireless routers are dirt-cheap, you can buy one from just about anywhere, install it yourself, set it up exactly the way you like, and NO ONE ELSE will know the password or any other details.

Even if you RENT a router from your cable provider, there should not be any difference. It’s hard to imagine that personal information that should remain locally in the router is somehow (and for no good reason) getting transmitted to their corporate office. (But then the MAC address of every computer ever plugged into the modem is transmitted to the ISP, which they log and save forever, an appalling violation of privacy)

DannyB (profile) says:

Re: Re:

Making your WiFi password public is a free service of Comcast. Free with your equipment rental.

When a guest asks “What’s your WiFi password?” you can simply tell them you’re on Comcast they can easily look up your WiFi password.

When the neighbor’s kid wants to download copyright content, he can easily and conveniently use your WiFi password! That’s convenience!

It’s the kind of service you’ve come to expect from the Comcast name.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...